Tech Support Guy - Virus & Other Malware Removal
Solved: Dropper.Generic, ZeroAccess, FunMoods, FileRecovery Browser redirect need help please
OneTooMany (Thread Starter) - Member with 9 posts - Join Date: Aug 2012 - Experience: Intermediate
04-Aug-2012, 08:23 PM #1
Got infected while running McAfee - first noticed browser re-directs, then got the "File Recovery" malware which changed all of my files to hidden and read-only, wiped out my desktop, etc. Manually got rid of that with Process Explorer and AVG (I have since removed AVG because of McAfee). Since then I have been fighting Dropper.Generic, ZeroAccess and FunMoods. Downloaded Malwarebytes, which keeps blocking a program outgoing to 206.161.121.3, which it says is a known bad site. Things are not getting better and I am losing the battle. McAfee keeps saying my computer is at risk (like I didn't know that).

Attached are the HijackThis file and 2 GMER scans (one from this morn and one from this eve). I tried to run DDS 3 times and it locked up after 10 min, about 2/3 complete. Had to force a shutdown of the computer. If I have script blocking on, I don't know what it is. Before it runs I get this message - Load Driver["c:\DOCUME~1\Richard\LOCALS~1\Temp\pwlikoc.sys"] error 0XC000010E Cannot create a stable subkey under a volatile Parent key

Thanks in advance for your desperately needed help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:53 PM, on 8/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
e:\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Razer\DeathAdder\vdDaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Richard\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120622085057.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [hpsjbmgr] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] e:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] e:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [jqvOvRxlhEpluG.exe] C:\Documents and Settings\All Users\Application Data\jqvOvRxlhEpluG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "e:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKUS\S-1-5-21-2025429265-412668190-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2025429265-412668190-682003330-1003\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-2025429265-412668190-682003330-1003\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1344009249734
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMService - Malwarebytes Corporation - e:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 32-bit (mi-raysat_3dsmax2013_32) - Unknown owner - e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 14762 bytes

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 17:31:28
Windows 5.1.2600 Service Pack 3
Running: ciml2bpm.exe; Driver: C:\DOCUME~1\Richard\LOCALS~1\Temp\pwliikoc.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\WKQY66EY\ErrorPageTemplate[1] 2168 bytes
File C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\WKQY66EY\http_404_webOC[2] 6381 bytes
File C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\WKQY66EY\bullet[2] 3169 bytes

---- EOF - GMER 1.0.15 ----


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 20:09:31
Windows 5.1.2600 Service Pack 3
Running: ciml2bpm.exe; Driver: C:\DOCUME~1\Richard\LOCALS~1\Temp\pwliikoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040111900063D11C8EF10054038389C\Usage@HandWritingFiles 1090786349

---- EOF - GMER 1.0.15 ----



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Richard :: CONSULTING [administrator]

Protection: Enabled

8/4/2012 9:13:57 PM
mbam-log-2012-08-04 (21-13-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229698
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
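An added triage script for the O4 autorun section of the HijackThis log above; it is not part of the thread and not a feature of HijackThis, OTL or any other tool named here. It applies the checks a helper makes by eye (random-looking executable name, launch path under a user-data or temp directory, missing file, core Windows binary name outside %SystemRoot%). The O4 lines in it are copied from the log above except the last, which is constructed, and the name-heuristic thresholds are assumptions.

```python
"""Triage of HijackThis 'O4' autorun entries (added example, not from the thread).

Scoring is a plain count of reasons: a single reason is common for legitimate
per-user software and is only a prompt for a closer look, not a verdict.
"""
import re

# One O4 autorun entry as HijackThis prints it, e.g.
#   O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
#   O4 - HKUS\S-1-5-21-...-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\S-[\d-]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable on the command line: a (possibly quoted) drive path, or a bare name such as RUNDLL32.EXE.
EXE_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:\\.*?|[^\s"\\]+)\.exe)', re.IGNORECASE)

# Directories that machine-wide software rarely launches from (lower-case, with separators).
USER_DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\",
                  "\\appdata\\", "\\programdata\\")
# Core Windows binaries (the names the OTL /md5start list in this thread checks, plus a few
# boot-chain processes); a file with one of these names belongs under %SystemRoot%.
SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe",
                   "consrv.dll", "smss.exe", "services.exe", "lsass.exe"}


def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as jqvOvRxlhEpluG: few vowels and many case flips.

    Thresholds are assumptions, chosen so that vendor names present in this log
    (IntuitSyncManager, HPWuSchd2, FourEngine) are not flagged.
    """
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return vowels / len(letters) < 0.28 and flips >= 5


def triage_entry(line: str):
    """Return (exe_path, reasons) for one O4 line, or None when the line is not an O4 entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    e = EXE_RE.match(cmd)
    path = e.group("path") if e else cmd
    low = path.lower()
    base = path.rsplit("\\", 1)[-1]          # keep original case for the name heuristic
    stem = base.rsplit(".", 1)[0]
    reasons = []
    if "(file missing)" in cmd.lower():
        reasons.append("autorun points at a file that no longer exists")
    if any(d in low for d in USER_DATA_DIRS):
        reasons.append("launches from a user-data or temp directory")
    if looks_random(stem):
        reasons.append("random-looking file name")
    if base.lower() in SYSTEM_BINARIES and "\\windows\\" not in low:
        reasons.append("Windows system binary name outside %SystemRoot%")
    return path, reasons


def triage_log(text: str) -> dict:
    """Map executable path -> reasons for every O4 entry that raised at least one flag."""
    flagged = {}
    for line in text.splitlines():
        result = triage_entry(line.strip())
        if result and result[1]:
            flagged[result[0]] = result[1]
    return flagged


# O4 lines copied from the HijackThis log posted in this thread, plus one CONSTRUCTED last line
# (a copy of svchost.exe in a profile directory) to exercise the system-binary check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [jqvOvRxlhEpluG.exe] C:\Documents and Settings\All Users\Application Data\jqvOvRxlhEpluG.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-2025429265-412668190-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Richard\Application Data\svchost.exe
"""

if __name__ == "__main__":
    # Most reasons first: the two-reason entries are the ones to research before anything else.
    for exe, why in sorted(triage_log(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"[{len(why)}] {exe}")
        for r in why:
            print(f"      - {r}")
```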
jeffce (Jeff) - Malware Removal Specialist, authorized to help remove malware - 1,727 posts - Join Date: May 2011
05-Aug-2012, 12:31 PM #2
Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification).
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.
----------

Please download DDS from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open and then click UPLOAD.
----------

Please download aswMBR to your desktop.
  • Double click the aswMBR icon to run it.
    Vista and Windows 7 users right click the icon and choose "Run as administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.


----------

In your next reply please post both of the logs created by DDS and the log created by aswMBR.exe.
OneTooMany (Thread Starter) - Member with 9 posts - Join Date: Aug 2012 - Experience: Intermediate
05-Aug-2012, 02:56 PM #3
Hi Jeff, Thanks for working with me. I appreciate your help.

I just tried running DDS for the 4th and 5th time with the same results as before - it hangs after about 10 min., 2/3 done, and locks up the machine. I disabled McAfee's virus scan and firewall and Malwarebytes, and tried to access the Windows firewall settings, but it said "Due to an unidentified problem Windows cannot display firewall settings" (I had previously turned it off so it wouldn't conflict with the McAfee firewall).

I also downloaded aswMBR (twice) but was unable to open and run the program.

Any suggestions on what I might be doing wrong?
jeffce (Jeff) - Malware Removal Specialist, authorized to help remove malware - 1,727 posts - Join Date: May 2011
05-Aug-2012, 04:08 PM #4
If you can, please boot to Safe Mode and try to run DDS. If that doesn't work, do the following...
  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
OneTooMany (Thread Starter) - Member with 9 posts - Join Date: Aug 2012 - Experience: Intermediate
05-Aug-2012, 05:04 PM #5
Hi Jeff, Thanks again for your time.
DDS reacted the same way in Safe Mode. Here is the OTL.txt, followed by the Extras.txt in the next post.

OTL logfile created on: 8/5/2012 5:53:30 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.54% Memory free
5.09 Gb Paging File | 4.46 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.81 Gb Total Space | 1.90 Gb Free Space | 6.37% Space Free | Partition Type: NTFS
Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.50 Gb Total Space | 813.51 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: CONSULTING | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Richard\Desktop\OTL.exe (OldTimer Tools)
PRC - e:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files\Razer\DeathAdder\razertra.exe ()
PRC - e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Razer\DeathAdder\vdDaemon.exe ()
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - E:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
PRC - C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27 237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb7 4d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Dat a.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a \System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3 a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xm l.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\Syste m.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50 a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e 089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\Sy stem.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089 \System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e16 6cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef3662 2109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f 2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644 f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a38643 4938003bceb0752e979dabb3\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\89ba19bf7929da2c 5fc8942f06085e0b\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23 bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90 fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\McAfee Online Backup\librs2.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- e:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (mi-raysat_3dsmax2013_32) -- e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mfeavfk01) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (5762) -- C:\DOCUME~1\Richard\LOCALS~1\Temp\5762.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (VKbms) -- C:\WINDOWS\system32\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV - (hidkmdf) -- C:\WINDOWS\system32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (AE1000) -- C:\WINDOWS\system32\drivers\AE1000XP.sys (Ralink Technology, Corp.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (danewFltr) -- C:\WINDOWS\system32\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (HabuFltr) -- C:\WINDOWS\system32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (U2SP) -- C:\WINDOWS\system32\drivers\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (iomdisk) -- C:\WINDOWS\system32\drivers\IomDisk.sys (Iomega Corporation)
DRV - (hpusbfd) -- C:\WINDOWS\system32\drivers\hpusbfd.sys (Hewlett-Packard Co.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes,DefaultScope = {45D35D64-3381-408C-B392-4F3A3A3B0359}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{45D35D64-3381-408C-B392-4F3A3A3B0359}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3AEC1804-1C3F-420A-91A2-AC91A4DCA372}&mid=ab263f78cb1647d08e9eb9363258785a-d84fd0e60e38f6d73167a1ab6a79267d274ac974&lang=en&ds=AVG&pr=fr&d=2012-07-23 17:18:15&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2025429265-412668190-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 08:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/19 09:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 08:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/05 17:53:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 13:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/23 18:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/21 10:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/08/05 17:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/07/23 18:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/23 18:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/27 13:48:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/29 08:52:19 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/24 17:29:05 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/27 13:48:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/11 15:07:55 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
[2012/08/03 15:55:31 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/27 13:48:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/20 11:34:11 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120622085057.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Deskup] e:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Iomega Drive Icons] e:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [jqvOvRxlhEpluG.exe] C:\Documents and Settings\All Users\Application Data\jqvOvRxlhEpluG.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] e:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2025429265-412668190-682003330-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2025429265-412668190-682003330-1003..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O15 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1344009249734 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F3BA003-A932-48EC-B6E6-C75E459D186C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/17 09:58:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/03/26 16:21:45 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 05:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/04/22 16:35:02 | 000,000,000 | ---D | M] - E:\AutoCAD R14 -- [ NTFS ]
O32 - AutoRun File - [2011/10/02 15:06:37 | 000,000,000 | ---D | M] - E:\autocad14 -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 19:13:34 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/03/21 14:56:17 | 000,000,000 | ---D | M] - E:\Autodesk Civil 3D 2007 -- [ NTFS ]
O32 - AutoRun File - [2011/01/06 16:26:32 | 000,000,000 | ---D | M] - E:\Autodesk Land Desktop 2007 -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 19:40:24 | 000,000,000 | ---D | M] - E:\Autodesk3ds -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 18:07:54 | 3062,082,469 | -H-- | M] () - E:\Autodesk_3ds_Max_2013_EFGKJS_Win_32bit.exe -- [ NTFS ]
O32 - AutoRun File - [2009/03/06 10:35:28 | 000,000,000 | ---D | M] - E:\AutoDWG -- [ NTFS ]
O32 - AutoRun File - [2009/01/04 19:08:04 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 17:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/08/05 17:48:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/08/05 17:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/08/05 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/08/05 17:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/08/05 17:23:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/05 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/08/05 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/08/05 17:19:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/08/05 17:18:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/08/05 17:18:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/08/05 17:18:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/08/03 16:18:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/03 15:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/03 15:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/03 15:08:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/03 10:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/07/24 17:29:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/07/23 17:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012/07/23 17:17:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/23 17:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/23 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/23 17:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/20 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/20 11:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bucksbee Loyalty Plugin - 100815
[2012/07/20 11:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 17:56:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/05 17:55:07 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/08/05 17:50:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 17:50:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-412668190-682003330-1003.job
[2012/08/05 17:50:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/05 17:48:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/08/05 17:43:53 | 000,000,660 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/05 17:01:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 16:05:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/08/03 15:08:12 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 10:46:34 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/08/03 10:44:43 | 000,002,060 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2012/08/03 08:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/02 11:18:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2012/07/24 08:53:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-412668190-682003330-1003.job
[2012/07/23 17:18:20 | 000,097,850 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2012/07/20 11:44:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/20 11:34:11 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/11 08:59:33 | 000,418,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 08:58:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 17:43:53 | 000,000,660 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/05 17:18:50 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/08/05 17:18:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/08/03 15:08:12 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 10:46:34 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/07/20 11:44:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/20 11:44:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/20 11:42:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\L\00000004.@
[2012/05/30 00:26:03 | 000,230,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/19 15:59:08 | 000,019,791 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/19 15:59:08 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/19 15:58:52 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/19 15:58:43 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/15 11:36:30 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 10:07:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 10:05:26 | 001,453,948 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-412668190-682003330-1003-0.dat
[2011/10/17 10:05:26 | 000,350,038 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/24 11:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2011/08/24 11:44:09 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2011/06/14 11:59:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/04/04 12:11:56 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/04/03 22:29:11 | 000,002,060 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2011/04/03 22:07:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2011/04/03 21:59:29 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/04/03 21:59:29 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/04/03 12:28:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/03 12:04:06 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/03 12:03:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/03 12:03:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/02 21:05:21 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/03/29 18:26:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/03/29 11:37:09 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2011/03/26 17:43:30 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/03/26 17:43:22 | 000,032,981 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/03/26 17:43:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/26 17:20:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/26 17:10:55 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/03/26 17:10:54 | 000,001,009 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/03/26 17:10:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2011/03/26 17:10:50 | 000,000,212 | ---- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2011/03/26 17:03:51 | 000,015,190 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2011/03/26 17:00:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
[2011/03/26 17:00:24 | 002,119,020 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/03/26 17:00:24 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/03/26 16:57:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/26 16:47:07 | 000,000,485 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/26 16:44:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/03/26 16:44:42 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/03/26 16:44:40 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/03/26 16:44:40 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/03/26 16:23:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 16:19:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/26 11:11:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/26 11:08:50 | 000,418,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\@
[2008/04/14 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\@

========== LOP Check ==========

[2012/06/09 08:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/08/03 16:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/06/14 11:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/07/23 17:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/04/03 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2012/08/03 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/04/30 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/12/28 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/02 19:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GIRDAC
[2012/05/04 21:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Active Disk
[2012/06/09 08:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Autodesk
[2012/07/23 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\AVG2012
[2012/03/10 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\EurekaLog
[2012/08/03 18:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla
[2011/11/05 12:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\GIRDAC
[2012/04/16 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\gtk-2.0
[2011/03/26 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2011/12/06 19:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\MSNInstaller
[2012/02/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Razer
[2011/12/28 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\TestApp
[2011/03/29 09:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Thunderbird
[2011/04/18 20:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\V-Safe

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
OneTooMany (thread starter; member with 9 posts; Join Date: Aug 2012; Experience: Intermediate)
05-Aug-2012, 05:05 PM #6
OTL logfile created on: 8/5/2012 5:53:30 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 77.54% Memory free
5.09 Gb Paging File | 4.46 Gb Available in Paging File | 87.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.81 Gb Total Space | 1.90 Gb Free Space | 6.37% Space Free | Partition Type: NTFS
Drive D: | 0.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 931.50 Gb Total Space | 813.51 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: CONSULTING | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Richard\Desktop\OTL.exe (OldTimer Tools)
PRC - e:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Razer\DeathAdder\razerhid.exe ()
PRC - C:\Program Files\Razer\DeathAdder\razertra.exe ()
PRC - e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Razer\DeathAdder\vdDaemon.exe ()
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
PRC - C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
PRC - C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)
PRC - E:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
PRC - C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\89ba19bf7929da2c5fc8942f06085e0b\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\McAfee Online Backup\librs2.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (Iomega Activity Disk2) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (MBAMService) -- e:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (mi-raysat_3dsmax2013_32) -- e:\Autodesk3ds\3ds Max 2013\NVIDIA\raysat_3dsmax2013_32server.exe ()
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (_IOMEGA_ACTIVE_DISK_SERVICE_) -- C:\Program Files\Iomega\AutoDisk\ADService.exe (Iomega Corporation)
SRV - (Iomega App Services) -- C:\Program Files\Iomega\System32\AppServices.exe (Iomega Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mfeavfk01) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (5762) -- C:\DOCUME~1\Richard\LOCALS~1\Temp\5762.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (VKbms) -- C:\WINDOWS\system32\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)
DRV - (hidkmdf) -- C:\WINDOWS\system32\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (AE1000) -- C:\WINDOWS\system32\drivers\AE1000XP.sys (Ralink Technology, Corp.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (danewFltr) -- C:\WINDOWS\system32\drivers\danew.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (HabuFltr) -- C:\WINDOWS\system32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (U2SP) -- C:\WINDOWS\system32\drivers\u2s2kxp.sys (Magic Control Technology Corp.)
DRV - (iomdisk) -- C:\WINDOWS\system32\drivers\IomDisk.sys (Iomega Corporation)
DRV - (hpusbfd) -- C:\WINDOWS\system32\drivers\hpusbfd.sys (Hewlett-Packard Co.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes,DefaultScope = {45D35D64-3381-408C-B392-4F3A3A3B0359}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{45D35D64-3381-408C-B392-4F3A3A3B0359}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={3AEC1804-1C3F-420A-91A2-AC91A4DCA372}&mid=ab263f78cb1647d08e9eb9363258785a-d84fd0e60e38f6d73167a1ab6a79267d274ac974&lang=en&ds=AVG&pr=fr&d=2012-07-23 17:18:15&v=11.0.0.10&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-2025429265-412668190-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 08:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/19 09:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/29 08:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/05 17:53:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 13:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/23 18:34:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/06/21 10:22:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012/08/05 17:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/07/23 18:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/23 18:34:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/27 13:48:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/05/29 08:52:19 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/24 17:29:05 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/27 13:48:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/11 15:07:55 | 000,001,692 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\comcast.xml
[2012/08/03 15:55:31 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/07/27 13:48:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/20 11:34:11 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120622085057.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Deskup] e:\Program Files\Iomega\DriveIcons\deskup.exe (Iomega)
O4 - HKLM..\Run: [HP Lamp] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [hpsjbmgr] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpsjbmgr.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Iomega Drive Icons] e:\Program Files\Iomega\DriveIcons\Imgicon.exe (Iomega)
O4 - HKLM..\Run: [jqvOvRxlhEpluG.exe] C:\Documents and Settings\All Users\Application Data\jqvOvRxlhEpluG.exe File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] e:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe ()
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-2025429265-412668190-682003330-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Richard\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-2025429265-412668190-682003330-1003..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2025429265-412668190-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O15 - HKU\S-1-5-21-2025429265-412668190-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1344009249734 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F3BA003-A932-48EC-B6E6-C75E459D186C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/17 09:58:00 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/03/26 16:21:45 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 05:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/04/22 16:35:02 | 000,000,000 | ---D | M] - E:\AutoCAD R14 -- [ NTFS ]
O32 - AutoRun File - [2011/10/02 15:06:37 | 000,000,000 | ---D | M] - E:\autocad14 -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 19:13:34 | 000,000,000 | ---D | M] - E:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/03/21 14:56:17 | 000,000,000 | ---D | M] - E:\Autodesk Civil 3D 2007 -- [ NTFS ]
O32 - AutoRun File - [2011/01/06 16:26:32 | 000,000,000 | ---D | M] - E:\Autodesk Land Desktop 2007 -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 19:40:24 | 000,000,000 | ---D | M] - E:\Autodesk3ds -- [ NTFS ]
O32 - AutoRun File - [2012/06/08 18:07:54 | 3062,082,469 | -H-- | M] () - E:\Autodesk_3ds_Max_2013_EFGKJS_Win_32bit.exe -- [ NTFS ]
O32 - AutoRun File - [2009/03/06 10:35:28 | 000,000,000 | ---D | M] - E:\AutoDWG -- [ NTFS ]
O32 - AutoRun File - [2009/01/04 19:08:04 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 17:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2012/08/05 17:48:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/08/05 17:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/08/05 17:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/08/05 17:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/08/05 17:23:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/08/05 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/08/05 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/08/05 17:19:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/08/05 17:18:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/08/05 17:18:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/08/05 17:18:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/08/05 17:18:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/08/05 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/08/03 16:18:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/03 15:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/03 15:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/03 15:08:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/03 10:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/07/24 17:29:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/07/23 17:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AVG Secure Search
[2012/07/23 17:17:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/23 17:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/23 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/23 17:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/07/20 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/20 11:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bucksbee Loyalty Plugin - 100815
[2012/07/20 11:43:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 17:56:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/05 17:55:07 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2012/08/05 17:50:54 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 17:50:54 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2025429265-412668190-682003330-1003.job
[2012/08/05 17:50:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/05 17:48:14 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/08/05 17:43:53 | 000,000,660 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/05 17:01:01 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 16:05:01 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2012/08/03 15:08:12 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 10:46:34 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/08/03 10:44:43 | 000,002,060 | ---- | M] () -- C:\WINDOWS\winzip32.ini
[2012/08/03 08:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/02 11:18:49 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2012/07/24 08:53:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2025429265-412668190-682003330-1003.job
[2012/07/23 17:18:20 | 000,097,850 | ---- | M] () -- C:\WINDOWS\System32\acdb.err
[2012/07/20 11:44:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/20 11:34:11 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/11 08:59:33 | 000,418,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 08:58:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 17:43:53 | 000,000,660 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2012/08/05 17:18:50 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/08/05 17:18:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/08/03 15:08:12 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 10:46:34 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk
[2012/07/20 11:44:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/20 11:44:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/20 11:42:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\L\00000004.@
[2012/05/30 00:26:03 | 000,230,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/19 15:59:08 | 000,019,791 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2012/04/19 15:59:08 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2012/04/19 15:58:52 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2012/04/19 15:58:43 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2012/04/15 11:36:30 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 10:07:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/17 10:05:26 | 001,453,948 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2025429265-412668190-682003330-1003-0.dat
[2011/10/17 10:05:26 | 000,350,038 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/08/24 11:44:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI
[2011/08/24 11:44:09 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\MTSTACK.EXE
[2011/06/14 11:59:18 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/04/04 12:11:56 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/04/03 22:29:11 | 000,002,060 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2011/04/03 22:07:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2011/04/03 21:59:29 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011/04/03 21:59:29 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011/04/03 12:28:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/04/03 12:04:06 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/03 12:03:16 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/04/03 12:03:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/02 21:05:21 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/03/29 18:26:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/03/29 11:37:09 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2011/03/26 17:43:30 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/03/26 17:43:22 | 000,032,981 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/03/26 17:43:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/03/26 17:20:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/26 17:10:55 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/03/26 17:10:54 | 000,001,009 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2011/03/26 17:10:50 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\hpbvnstp.dll
[2011/03/26 17:10:50 | 000,000,212 | ---- | C] () -- C:\WINDOWS\System32\hpbvnstp.dat
[2011/03/26 17:03:51 | 000,015,190 | ---- | C] () -- C:\WINDOWS\hplj1010.ini
[2011/03/26 17:00:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4969.dll
[2011/03/26 17:00:24 | 002,119,020 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2011/03/26 17:00:24 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2011/03/26 16:57:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/03/26 16:47:07 | 000,000,485 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/26 16:44:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011/03/26 16:44:42 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011/03/26 16:44:40 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011/03/26 16:44:40 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011/03/26 16:23:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 16:19:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/26 11:11:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/26 11:08:50 | 000,418,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\@
[2008/04/14 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\@

========== LOP Check ==========

[2012/06/09 08:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/08/03 16:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/06/14 11:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2012/07/23 17:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/04/03 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2012/08/03 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/29 18:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/04/30 15:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/12/28 15:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/02 19:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\GIRDAC
[2012/05/04 21:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Active Disk
[2012/06/09 08:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Autodesk
[2012/07/23 17:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\AVG2012
[2012/03/10 11:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\EurekaLog
[2012/08/03 18:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\FileZilla
[2011/11/05 12:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\GIRDAC
[2012/04/16 22:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\gtk-2.0
[2011/03/26 19:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Leadertech
[2011/12/06 19:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\MSNInstaller
[2012/02/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Razer
[2011/12/28 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\TestApp
[2011/03/29 09:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Thunderbird
[2011/04/18 20:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\V-Safe

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 08:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 08:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >
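As an added example (my own code, not from the thread, from OTL's author, or from any tool named in it), the script below parses the two OTL line shapes that matter most for a first pass over a log like the one above, file listing lines and O4 Run entries, and flags the kinds of entries a malware-removal helper reviews first: a named Run value whose target OTL reports as "File not found", a bare "@" file (or NNNNNNNN.@ under an L\ subfolder) inside a GUID-named directory, and a hosts file carrying hidden/system attributes. The sample lines are copied from the log above. The flagging rules are my own review heuristics; the helper's reply identifies ZeroAccess on this machine, but the page does not itself say which log entries belong to it, so treat the output as a shortlist for review, not a verdict.

```python
"""Triage of OTL log lines (added example; assumptions: only the two line shapes
below are handled, and the rules in triage() are review heuristics, not verdicts)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# File listing line:  [date time | size | attrs | C or M] (Company) -- path
# attrs is four characters: R=read-only, H=hidden, S=system, D=directory, '-' unset
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Autorun line:  O4 - <hive>..\Run: [<value name>] <command> (<Company> | File not found)
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# A bare "@" file directly inside a GUID-named folder, or NNNNNNNN.@ under its L\ subfolder
GUID_AT_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\(?:L\\[0-9]{8}\.@|@)$", re.IGNORECASE)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str

    @property
    def hidden_and_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


@dataclass
class AutorunEntry:
    hive: str
    name: str
    command: str
    missing: bool  # True when OTL reported "File not found" for the target


def parse_file_entry(line: str) -> Optional[FileEntry]:
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def parse_autorun(line: str) -> Optional[AutorunEntry]:
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    missing = rest.endswith("File not found")
    command = rest[: -len("File not found")].strip() if missing else rest
    return AutorunEntry(m.group("hive"), m.group("name"), command, missing)


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, subject) pairs for lines worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        run = parse_autorun(line)
        if run is not None:
            # A named Run value whose target no longer exists is an orphan;
            # the nameless "[] File not found" entry is deliberately skipped.
            if run.missing and run.name:
                findings.append(("orphaned Run value", run.name))
            continue
        entry = parse_file_entry(line)
        if entry is None:
            continue
        if GUID_AT_RE.search(entry.path):
            findings.append(("'@' file in GUID-named folder", entry.path))
        elif entry.path.lower().endswith(r"\drivers\etc\hosts") and entry.hidden_and_system:
            findings.append(("hosts file carries hidden/system attributes", entry.path))
    return findings


# Sample input: lines copied from the OTL log above.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)",
    r"O4 - HKLM..\Run: [jqvOvRxlhEpluG.exe] C:\Documents and Settings\All Users\Application Data\jqvOvRxlhEpluG.exe File not found",
    r"[2012/08/05 17:48:14 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe",
    r"[2012/07/20 11:42:21 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\L\00000004.@",
    r"[2008/04/14 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{bff89576-453d-18fa-16f4-a5e8db8fefe1}\@",
    r"[2012/07/20 11:34:11 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts",
]

if __name__ == "__main__":
    for reason, subject in triage(SAMPLE_LINES):
        print(f"{reason}: {subject}")
```

Run against the sample it reports four findings: the orphaned jqvOvRxlhEpluG.exe Run value, the two "@" entries under the {bff89576-…} folders, and the hosts file with R/H/S attributes set. Everything else in the sample (the OTL.exe download, the Iomega autorun) passes through untouched, which is the point: the parser turns a 1,500-line report into a handful of lines a human then verifies.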
jeffce (Jeff), Malware Removal Specialist with 1,727 posts. Join Date: May 2011
05-Aug-2012, 07:37 PM #7
Hi,

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help.
----------

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------
OneTooMany's Avatar
OneTooMany OneTooMany is offline
Computer Specs
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
06-Aug-2012, 01:04 PM #8
Hi Jeff, Thanks again for working with me to solve this problem.

I downloaded ComboFix and followed directions. After 3 hrs. I went to bed and during the night the power went off. Computer was dead in the water. Tried Windows recovery, safe mode etc. - nothing. Installed a new SSD this morn. and am in the process of reinstalling software. First installed AVG and Malwarebytes and have a number of questions:

1) Any other security recommendations? AVG & MAB good choices? Firewall other than windows? etc.

2) What is the possibility of this infection having spread to:
a. my internal 1tb data drive
b. my external backup drive
c. my wife's laptop connected to the same wifi (she has kaspersky and mab already)

3) Is there a way to recover info (Thunderbird address book, old e-mails, QuickBooks files etc.) off of the old infected drive?

Thanks,
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
06-Aug-2012, 04:06 PM #9
Quote:
am in the process of reinstalling software
Did you format your system?
OneTooMany's Avatar
OneTooMany OneTooMany is offline
Computer Specs
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
06-Aug-2012, 04:41 PM #10
New SSD hard drive, formatted.

Last edited by OneTooMany; 06-Aug-2012 at 04:55 PM..
OneTooMany's Avatar
OneTooMany OneTooMany is offline
Computer Specs
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
06-Aug-2012, 05:08 PM #11
I currently have my internal HD (data storage) disconnected, as well as my external backup HD, until I hear from you. New OS HD installed, infected OS HD removed.

Thanks,
OneTooMany's Avatar
OneTooMany OneTooMany is offline
Computer Specs
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
06-Aug-2012, 06:22 PM #12
BTW, we just moved to TN this past week.
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
07-Aug-2012, 09:34 AM #13
Hi,

Where in TN?
-------

Quote:
Any other security recommendations? AVG & MAB good choices? Firewall other than windows? etc.
MBAM is great and I would keep it. For an antivirus program I only recommend either of the following:
Microsoft Security Essentials
Avast

If you are not using a secured wireless router I would recommend either of these two firewalls...
Online Armor Free
Agnitum Outpost Firewall Free
========

Quote:
What is the possibility of this infection having spread to:
a. my internal 1tb data drive
b. my external backup drive
c. my wife's laptop connected to the same wifi (she has kaspersky and mab already)
Not likely for any of these... this infection does not seem to jump... as long as you only backed up personal files, known data, pics, music etc., but no actual programs.
=========

Quote:
Is there a way to recover info (Thunderbird address book old e-mails, quickbooks files etc.) off of the old infected drive
If you wanted to do so you could drop that drive back into your system and just copy the files that you still wanted to keep and you should be just fine.
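A selective recovery copy along the lines of the advice above, added here as an example and not taken from the thread: it mirrors only data files off the old drive onto the clean install, refuses anything with an executable or script extension, and also rejects a "data" file whose first bytes are the MZ header of a Windows executable (a renamed dropper). The extension lists, the Thunderbird mbox rule and the sample paths are assumptions; the old drive is assumed to be attached as a secondary disk.

```python
import os
import shutil
import stat
from pathlib import Path

# Never carried over: anything Windows will execute or that launches code. (Constructed list.)
BLOCKED_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs",
               ".js", ".jse", ".wsf", ".pif", ".lnk", ".msi", ".hta", ".cpl"}
# Data the thread wanted back (Thunderbird .mab/.msf, QuickBooks .qbw/.qbb)
# plus common documents and media. Constructed allowlist; extend as needed.
ALLOWED_EXT = {".mab", ".msf", ".sqlite", ".qbw", ".qbb", ".doc", ".docx",
               ".xls", ".xlsx", ".pdf", ".jpg", ".jpeg", ".png", ".mp3", ".txt"}

def classify(path: Path) -> str:
    """Return 'copy', 'skip-ext' or 'skip-pe' for one file on the old drive.
    Thunderbird mbox files have no extension (e.g. 'Inbox' next to 'Inbox.msf'),
    so an extension-less file is allowed only when its .msf index sits beside it."""
    ext = path.suffix.lower()
    if ext in BLOCKED_EXT:
        return "skip-ext"
    if ext == "" and not path.with_name(path.name + ".msf").exists():
        return "skip-ext"
    if ext != "" and ext not in ALLOWED_EXT:
        return "skip-ext"
    # A data extension on a PE image ("MZ" magic) is a renamed executable: leave it behind.
    with path.open("rb") as fh:
        if fh.read(2) == b"MZ":
            return "skip-pe"
    return "copy"

def recover(src_root: str, dst_root: str) -> dict:
    """Copy every allowed file under src_root to dst_root, mirroring the tree,
    and return counts per verdict so the skipped items can be reviewed."""
    src, dst = Path(src_root), Path(dst_root)
    counts = {"copy": 0, "skip-ext": 0, "skip-pe": 0}
    for p in src.rglob("*"):
        if not p.is_file():
            continue
        verdict = classify(p)
        counts[verdict] += 1
        if verdict != "copy":
            print(f"SKIP [{verdict}] {p}")
            continue
        target = dst / p.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
        # The copy should be writable even if the original was left read-only.
        os.chmod(target, stat.S_IREAD | stat.S_IWRITE)
    return counts

if __name__ == "__main__":
    # Assumed drive letters: E: is the old infected disk, D: the new data disk.
    print(recover(r"E:\Documents and Settings\Richard", r"D:\Recovered"))
```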
OneTooMany's Avatar
OneTooMany OneTooMany is offline
Computer Specs
Member with 9 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
07-Aug-2012, 10:54 AM #14
Thanks, Jeff, for all of your help! I will follow your recommendations. Avast looks good for my needs, especially since I learned about zero-day protection, which I always wondered about (and I like layers of protection). I have a Comcast wireless router (WPA2). Is that sufficient or is a firewall still needed? I was also wondering why Malwarebytes didn't seem to detect the infection?

This has been a great education. Time to mark it as solved?

Cosby, TN, at the foot of the "quiet side" of the Smokies. Stop in for a visit; you are more than welcome.
jeffce's Avatar
jeffce   (Jeff) jeffce is offline jeffce is authorized to help remove malware.
jeffce has a Photo Album
Malware Removal Specialist with 1,727 posts.
 
Join Date: May 2011
07-Aug-2012, 11:57 AM #15
Thanks for the invite.

Quote:
I have a Comcast wireless router (WPA2). Is that sufficient or is a firewall still needed?
That should be fine, yes.