
Trojan.Fraudpack

Discussion in 'Virus & Other Malware Removal' started by BigDude3, Apr 9, 2010.

  1. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Hello T-S Guys...

    Need a bit of help pls...I was infected with the "Trojan.Fraudpack" (as per MalwareBytes)..I have been able (by disconnecting from the Modem) to (I think) get it removed using MalwareBytes but I still am not able to get onto the 'Net using IE and my Realplayer does not connect either. Below is the latest run from MalwareBytes and after that the latest HijackThis log.


    Thanks..

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Database version: 3972

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/9/2010 4:30:23 PM
    mbam-log-2010-04-09 (16-30-23).txt

    Scan type: Full scan (F:\|)
    Objects scanned: 242843
    Time elapsed: 1 hour(s), 26 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    F:\Documents and Settings\HelpAssistant\Local Settings\Application Data\veijfrchm\vcqojuktssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{F0CD5A81-2B8A-4BDF-8CCF-40D75E87C773}\RP2\A0002270.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:38:52 PM, on 4/9/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\LEXBCES.EXE
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\system32\LEXPPS.EXE
    F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    f:\program files\common files\mcafee\mna\mcnasvc.exe
    f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\MsPMSPSv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\rundll32.exe
    f:\PROGRA~1\mcafee.com\agent\mcagent.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    F:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\Wise Registry Cleaner\WiseRegistryCleaner.exe
    F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
    O4 - HKLM\..\Run: [mcagent_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Google Sidewiki... - res://F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155250172609
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164289608109
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file://D:\WEBPULL\SUPPORT\DISC\ASP\TOOLS\EN\bin\npseatools.cab
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - F:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Lan Discover Agent (magaService) - Unknown owner - F:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - F:\Program Files\Dell Support Center\bin\sprtsvc.exe

    --
    End of file - 8449 bytes
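The security-relevant line in the HijackThis log above is the R1 entry: IE's user proxy is set to `http=127.0.0.1:5555`. A rogue antivirus of this family runs its own HTTP listener on a loopback port and points the browser at it; once the binary is quarantined nothing listens there, which is exactly the "can't get on the Net with IE" symptom, because the proxy setting outlives the executable. The following script is an added example (not part of the thread, not HijackThis or OTL code, and the severity rules are the editor's own heuristics rather than any official ruleset): it triages HijackThis-style lines for a loopback proxy, orphaned entries whose file is missing, and services with no publisher string, then renders a `.reg` fragment that disables the proxy and deletes the server value. The sample lines are constructed from the log posted above.

```python
"""Triage a HijackThis-style log for the leftovers a rogue-AV infection
(FraudPack / Rogue.AntivirusSuite) typically leaves behind.

Added example: not part of the thread and not HijackThis or OTL code. The
sample lines are constructed from the log posted above; the scoring rules are
the editor's own heuristics, not an official ruleset.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the posted HijackThis log (raw string, so the
# backslashes in registry and file paths are taken literally).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
O4 - HKLM\..\Run: [mcagent_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O23 - Service: DSBrokerService - Unknown owner - F:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - F:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

# A proxy on 127/8, localhost or ::1 is the rogue's own interception point.
LOOPBACK = re.compile(r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|\[::1\]|::1):\d+", re.I)
PROXY = re.compile(r"^R1 - HKCU\\.*Internet Settings,ProxyServer = (?P<value>.+)$")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
SERVICE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low"
    section: str   # HijackThis section prefix, e.g. "R1", "O23"
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return findings sorted high -> medium -> low (stable within a level)."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]
        m = PROXY.match(line)
        if m:
            value = m["value"]
            if LOOPBACK.search(value):
                findings.append(Finding("high", section,
                    f"IE proxy points at a local port ({value}); a rogue AV listens there "
                    "and the setting outlives the binary, so browsing fails after removal",
                    line))
            else:
                findings.append(Finding("medium", section, f"IE proxy set: {value}", line))
            continue
        svc = SERVICE.match(line)
        if svc:
            if MISSING.search(svc["path"]):
                findings.append(Finding("low", section,
                    f"service {svc['name']} points at a missing file (orphan)", line))
            elif svc["owner"] == "Unknown owner":  # no company name in version info
                findings.append(Finding("medium", section,
                    f"service {svc['name']} has no publisher string", line))
            continue
        if MISSING.search(line):
            findings.append(Finding("low", section,
                "entry references a missing file (orphaned registry key)", line))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: order[f.severity])
    return findings


def proxy_reset_reg(findings: list[Finding]) -> str:
    """Render a .reg fragment that disables the proxy and deletes ProxyServer.
    Assumption: the HKCU WinINET key shown in the log. This only clears the
    setting; the rogue binary itself is handled by the scanner."""
    if not any(f.severity == "high" and f.section == "R1" for f in findings):
        return ""
    return (
        "Windows Registry Editor Version 5.00\r\n\r\n"
        "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings]\r\n"
        '"ProxyEnable"=dword:00000000\r\n'
        '"ProxyServer"=-\r\n'
    )


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
    print(proxy_reset_reg(results))
```

On the sample this yields one high (the R1 loopback proxy), one medium (DSBrokerService with no publisher string) and three low orphans. The OTL output later in the thread shows the same key with `ProxyEnable = 0` but `ProxyServer` still equal to `http=127.0.0.1:5555`; the `.reg` fragment removes the stale value as well as disabling it.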
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Sorry for the late reply. Do you still need help with your machine?

    Please run the following:


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.


    NEXT




    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.




    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
     
  3. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Well I did get it working again...although I don't remember how. Just to be safe I will run through your fix as well:

    OTL logfile created on: 6/1/2010 2:16:53 PM - Run 1
    OTL by OldTimer - Version 3.2.5.2 Folder = F:\Documents and Settings\Dennis\My Documents
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
    Drive C: | 74.46 Gb Total Space | 12.32 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
    Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    Drive F: | 372.60 Gb Total Space | 245.73 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME
    Current User Name: Dennis
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - F:\Documents and Settings\Dennis\My Documents\OTL.exe (OldTimer Tools)
    PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - F:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    PRC - f:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - F:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    PRC - F:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    PRC - f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    PRC - f:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    PRC - F:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - F:\Documents and Settings\Dennis\My Documents\OTL.exe (OldTimer Tools)
    MOD - F:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
    MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (magaService) -- File not found
    SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (McODS) -- F:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McShield) -- F:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV - (McSysmon) -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- F:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (MpfService) -- F:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
    SRV - (McProxy) -- f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- f:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- F:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
    SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- F:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Roxio UPnP Renderer 9) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
    SRV - (Roxio Upnp Server 9) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
    SRV - (DSBrokerService) -- F:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (CCALib8) -- F:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (IDriverT) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (mfeavfk) -- F:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- F:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- F:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- F:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (mfehidk) -- F:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (HSF_DP) -- F:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (HSFHWBS2) -- F:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (MPFP) -- F:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
    DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (gameenum) -- F:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (usbaudio) USB Audio Driver (WDM) -- F:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (ovt519) -- F:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
    DRV - (RxFilter) -- F:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (DLADResM) -- F:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
    DRV - (DLAUDF_M) -- F:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
    DRV - (DLAUDFAM) -- F:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
    DRV - (DLABMFSM) -- F:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
    DRV - (DLAOPIOM) -- F:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
    DRV - (DLABOIOM) -- F:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
    DRV - (DLAPoolM) -- F:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
    DRV - (DLAIFS_M) -- F:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
    DRV - (DRVMCDB) -- F:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
    DRV - (dsunidrv) -- F:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (DLARTL_M) -- F:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
    DRV - (DLACDBHM) -- F:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
    DRV - (Cdralw2k) -- F:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
    DRV - (Cdr4_xp) -- F:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
    DRV - (DRVNDDM) -- F:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
    DRV - (DSproct) -- F:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (P16X) Creative SB Live! Series (WDM) -- F:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- F:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- F:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (CVirtA) -- F:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
    DRV - (EMATCORE) -- F:\WINDOWS\system32\drivers\AtlsVid.sys (Dell Computer Corporation)
    DRV - (AtlsAud) -- F:\WINDOWS\system32\drivers\AtlsAud.sys (Dell Computer Corporation)
    DRV - (OMCI) -- F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (MODEMCSA) -- F:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (PfModNT) -- F:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)
    DRV - (Aspi32) -- F:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}: F:\Documents and Settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E} [2010/01/24 11:30:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/28 15:14:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: F:\Program Files\McAfee\SiteAdvisor [2010/06/01 07:14:51 | 000,000,000 | ---D | M]

    [2009/07/29 19:59:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\extensions
    [2008/10/23 12:10:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2006/09/24 23:43:33 | 000,001,406 | ---- | M] () -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\searchplugins\siteadvisor.gif
    [2006/09/24 23:43:33 | 000,000,276 | ---- | M] () -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\searchplugins\siteadvisor.src
    [2006/09/24 09:26:15 | 002,078,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2006/12/06 14:46:58 | 000,000,710 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll File not found
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155250172609 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164289608109 (MUWebControl Class)
    O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (GSDACtl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} file://D:\WEBPULL\SUPPORT\DISC\ASP\TOOLS\EN\bin\npseatools.cab (Seagate SeaTools English Online)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control)
    O16 - DPF: DirectAnimation Java Classes file://F:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://F:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: F:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: F:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2005/10/18 17:09:17 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
    O32 - AutoRun File - [2005/10/15 02:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2005/10/15 02:42:09 | 000,004,118 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (smrgdf F:\Program Files\iolo\System Mechanic Professional 6\) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - F:\WINDOWS\system32\ias [2006/08/10 18:23:02 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: LanmanWorkstation - File not found
    NetSvcs: Messenger - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/01 14:14:04 | 000,571,392 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Dennis\My Documents\OTL.exe
    [2010/05/10 09:35:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\SiteAdvisor
    [2010/05/10 09:31:59 | 000,040,552 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfesmfk.sys
    [2010/05/10 09:31:58 | 000,079,816 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/05/10 09:31:58 | 000,035,272 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/05/10 09:31:52 | 000,120,136 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\Mpfp.sys
    [2010/05/10 09:30:53 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\McAfee
    [2010/05/10 09:30:52 | 000,000,000 | ---D | C] -- F:\Program Files\McAfee.com
    [2010/05/10 09:30:20 | 000,000,000 | ---D | C] -- F:\Program Files\McAfee
    [2010/05/10 09:26:00 | 000,034,248 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mferkdk.sys
    [2010/05/10 09:18:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\McAfee
    [2010/05/10 08:44:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Citrix
    [2010/05/10 08:38:41 | 000,000,000 | ---D | C] -- F:\Program Files\Citrix
    [2010/05/10 08:38:37 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\Citrix
    [2010/05/07 22:04:52 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents\My Pictures
    [2010/05/02 12:21:34 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
    [2010/05/02 12:14:40 | 000,000,000 | ---D | C] -- F:\Program Files\Bonjour
    [2010/04/25 12:44:37 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Dennis\Desktop\New Briefcase
    [2010/04/21 20:33:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\My Documents\My Garmin
    [2010/04/21 16:54:54 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\GARMIN
    [2010/04/21 16:54:47 | 000,000,000 | ---D | C] -- F:\Program Files\Garmin GPS Plugin
    [2010/04/21 16:54:20 | 000,000,000 | ---D | C] -- F:\Program Files\DIFX
    [2010/04/21 16:53:31 | 000,000,000 | ---D | C] -- F:\Program Files\Garmin
    [2010/04/17 21:12:16 | 000,000,000 | -H-D | C] -- F:\WINDOWS\ie8
    [2010/04/14 17:06:11 | 000,000,000 | ---D | C] -- F:\Program Files\Spybot - Search & Destroy
    [2010/04/14 17:06:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/04/10 12:32:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\avG
    [2010/04/09 01:47:01 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    [2010/04/08 19:43:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm
    [2010/04/04 17:21:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/03/30 16:28:21 | 000,000,000 | ---D | C] -- F:\Program Files\VS Revo Group
    [2010/03/28 08:32:26 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\xing shared
    [2010/03/28 08:28:35 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\SightSpeed
    [2010/03/28 08:28:35 | 000,000,000 | ---D | C] -- F:\Program Files\CONEXANT
    [2010/03/28 08:28:30 | 000,000,000 | ---D | C] -- F:\Program Files\SightSpeed
    [2010/03/28 08:27:28 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\SureThing Shared
    [2010/03/28 08:27:19 | 000,000,000 | ---D | C] -- F:\Program Files\InterActual
    [2010/03/28 08:27:02 | 000,000,000 | ---D | C] -- F:\Program Files\EA GAMES
    [2010/03/27 17:52:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Application Data\Auslogics(2)
    [2010/03/27 17:30:19 | 000,000,000 | ---D | C] -- F:\Program Files\Auslogics(2)
    [2006/08/10 18:43:37 | 000,065,536 | ---- | C] ( ) -- F:\WINDOWS\System32\A3d.dll
    [1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/01 14:14:06 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Dennis\My Documents\OTL.exe
    [2010/06/01 14:06:15 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
    [2010/06/01 14:06:15 | 000,000,280 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    [2010/06/01 14:06:10 | 000,000,278 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    [2010/06/01 13:33:59 | 000,007,267 | ---- | M] () -- F:\WINDOWS\System32\Config.MPF
    [2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () -- F:\WINDOWS\tasks\IGJJ.job
    [2010/06/01 13:33:32 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
    [2010/06/01 13:33:26 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
    [2010/06/01 13:32:36 | 006,291,456 | ---- | M] () -- F:\Documents and Settings\Dennis\ntuser.dat
    [2010/06/01 13:32:36 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\Dennis\ntuser.ini
    [2010/06/01 07:19:46 | 000,000,288 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    [2010/05/31 18:30:29 | 002,275,040 | -H-- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\IconCache.db
    [2010/05/31 17:42:54 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
    [2010/05/14 15:47:29 | 000,000,483 | ---- | M] () -- F:\WINDOWS\LEXSTAT.INI
    [2010/05/13 20:40:16 | 000,077,312 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/12 08:10:42 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
    [2010/05/11 07:16:12 | 000,001,127 | ---- | M] () -- F:\WINDOWS\win.ini
    [2010/05/11 07:16:12 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
    [2010/05/10 09:35:24 | 000,000,671 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/05/10 08:38:37 | 000,103,784 | ---- | M] () -- F:\Documents and Settings\Dennis\GoToAssistDownloadHelper.exe
    [2010/05/10 08:33:53 | 000,000,342 | ---- | M] () -- F:\WINDOWS\tasks\McDefragTask.job
    [2010/05/10 08:33:51 | 000,000,320 | ---- | M] () -- F:\WINDOWS\tasks\McQcTask.job
    [2010/05/10 08:07:52 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/05/09 16:07:00 | 000,000,286 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    [2010/05/02 12:22:58 | 000,001,804 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/23 19:38:27 | 006,291,456 | ---- | M] () -- F:\Documents and Settings\Dennis\ntuser.bak
    [2010/04/23 12:34:01 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/04/10 12:37:48 | 000,014,900 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
    [2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () -- F:\WINDOWS\System32\cryptuip.dll
    [2010/04/02 12:46:36 | 000,000,661 | ---- | M] () -- F:\Documents and Settings\Dennis\Desktop\Revo Uninstaller.lnk
    [2010/03/28 15:14:20 | 000,000,747 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/03/28 15:12:07 | 000,278,528 | ---- | M] (Real Networks, Inc) -- F:\WINDOWS\System32\pncrt.dll
    [2010/03/28 08:43:57 | 000,035,696 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/03/28 08:34:37 | 000,167,504 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
    [2010/03/28 03:21:06 | 000,000,744 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.html
    [2010/03/15 20:28:32 | 000,456,860 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
    [2010/03/15 20:28:32 | 000,078,408 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
    [2010/03/15 20:28:31 | 000,545,570 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
    [1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/10 09:35:49 | 000,007,267 | ---- | C] () -- F:\WINDOWS\System32\Config.MPF
    [2010/05/10 09:35:24 | 000,000,671 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
    [2010/05/10 08:38:36 | 000,103,784 | ---- | C] () -- F:\Documents and Settings\Dennis\GoToAssistDownloadHelper.exe
    [2010/05/10 08:33:52 | 000,000,342 | ---- | C] () -- F:\WINDOWS\tasks\McDefragTask.job
    [2010/05/10 08:33:51 | 000,000,320 | ---- | C] () -- F:\WINDOWS\tasks\McQcTask.job
    [2010/05/02 12:22:58 | 000,001,804 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/15 10:27:53 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\Dennis\ntuser.rhk.LOG
    [2010/04/10 12:31:54 | 000,014,900 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
    [2010/04/08 19:42:22 | 000,000,310 | -HS- | C] () -- F:\WINDOWS\tasks\IGJJ.job
    [2010/04/08 19:42:21 | 000,091,648 | RHS- | C] () -- F:\WINDOWS\System32\cryptuip.dll
    [2010/04/02 12:46:36 | 000,000,661 | ---- | C] () -- F:\Documents and Settings\Dennis\Desktop\Revo Uninstaller.lnk
    [2010/03/28 15:14:20 | 000,000,747 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
    [2010/03/27 12:43:02 | 000,000,744 | ---- | C] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.html
    [2010/03/27 12:07:56 | 000,163,459 | ---- | C] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.log
    [2010/03/24 22:31:43 | 000,000,278 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    [2010/03/24 22:31:42 | 000,000,286 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    [2010/03/21 09:55:54 | 000,000,288 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    [2010/03/21 09:55:54 | 000,000,280 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    [2009/09/07 11:29:44 | 004,455,865 | ---- | C] () -- F:\WINDOWS\System32\libavcodec.dll
    [2009/09/06 10:52:04 | 000,828,611 | ---- | C] () -- F:\WINDOWS\System32\ff_x264.dll
    [2009/09/02 16:23:04 | 000,183,296 | ---- | C] () -- F:\WINDOWS\System32\ff_samplerate.dll
    [2009/09/02 16:22:58 | 000,178,688 | ---- | C] () -- F:\WINDOWS\System32\ff_libmad.dll
    [2009/09/02 16:22:40 | 000,113,152 | ---- | C] () -- F:\WINDOWS\System32\ff_unrar.dll
    [2009/09/02 16:22:18 | 000,146,944 | ---- | C] () -- F:\WINDOWS\System32\ff_tremor.dll
    [2009/09/02 16:22:10 | 000,257,024 | ---- | C] () -- F:\WINDOWS\System32\ff_libdts.dll
    [2009/09/02 16:22:06 | 000,142,848 | ---- | C] () -- F:\WINDOWS\System32\ff_liba52.dll
    [2009/09/02 16:22:00 | 000,484,864 | ---- | C] () -- F:\WINDOWS\System32\ff_libfaad2.dll
    [2009/09/02 12:45:34 | 000,829,781 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
    [2009/09/02 12:38:44 | 000,425,040 | ---- | C] () -- F:\WINDOWS\System32\TomsMoComp_ff.dll
    [2009/09/02 12:35:12 | 000,557,003 | ---- | C] () -- F:\WINDOWS\System32\libmplayer.dll
    [2009/09/02 12:01:48 | 000,146,098 | ---- | C] () -- F:\WINDOWS\System32\libmpeg2_ff.dll
    [2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- F:\WINDOWS\System32\ff_kernelDeint.dll
    [2009/08/21 12:48:29 | 000,000,062 | ---- | C] () -- F:\WINDOWS\st_affiliate.ini
    [2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- F:\WINDOWS\System32\ff_wmv9.dll
    [2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
    [2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- F:\WINDOWS\System32\ts.dll
    [2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- F:\WINDOWS\System32\mkx.dll
    [2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- F:\WINDOWS\System32\avi.dll
    [2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- F:\WINDOWS\System32\mp4.dll
    [2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- F:\WINDOWS\System32\ogm.dll
    [2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- F:\WINDOWS\System32\mmfinfo.dll
    [2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- F:\WINDOWS\System32\avss.dll
    [2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- F:\WINDOWS\System32\dxr.dll
    [2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- F:\WINDOWS\System32\avs.dll
    [2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- F:\WINDOWS\System32\mkzlib.dll
    [2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- F:\WINDOWS\System32\mkunicode.dll
    [2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
    [2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- F:\WINDOWS\System32\dtu100.dll.manifest
    [2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
    [2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
    [2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
    [2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
    [2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- F:\WINDOWS\System32\Registration.ini
    [2007/09/02 15:59:30 | 000,001,576 | ---- | C] () -- F:\WINDOWS\wininit.ini
    [2007/08/25 21:23:13 | 000,215,144 | R--- | C] () -- F:\WINDOWS\patchw32.dll
    [2007/08/25 21:21:53 | 000,215,144 | R--- | C] () -- F:\WINDOWS\pw32a.dll
    [2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
    [2007/06/14 18:56:26 | 000,000,137 | ---- | C] () -- F:\WINDOWS\System32\MRT.INI
    [2007/04/19 09:44:16 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\px.ini
    [2006/09/19 20:27:16 | 000,000,699 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
    [2006/09/04 09:15:47 | 000,143,384 | ---- | C] () -- F:\WINDOWS\System32\CSGina.dll
    [2006/08/15 10:54:59 | 000,000,737 | ---- | C] () -- F:\WINDOWS\ODBC.INI
    [2006/08/11 10:52:34 | 000,000,483 | ---- | C] () -- F:\WINDOWS\LEXSTAT.INI
    [2006/08/11 10:51:33 | 000,000,188 | ---- | C] () -- F:\WINDOWS\System32\lxbacoin.ini
    [2006/08/11 10:51:21 | 000,077,824 | ---- | C] () -- F:\WINDOWS\System32\LXBALCNP.DLL
    [2006/08/10 18:44:14 | 000,000,231 | ---- | C] () -- F:\WINDOWS\AC3API.INI
    [2006/08/10 18:43:38 | 000,047,616 | ---- | C] () -- F:\WINDOWS\System32\P16X.dll
    [2006/08/10 18:43:38 | 000,002,092 | ---- | C] () -- F:\WINDOWS\System32\P16X.ini
    [2006/08/10 18:43:38 | 000,000,026 | ---- | C] () -- F:\WINDOWS\System32\ctzapxx.ini
    [2006/08/10 18:43:35 | 000,006,175 | ---- | C] () -- F:\WINDOWS\MIXDEF.INI
    [2006/08/10 18:43:35 | 000,005,917 | ---- | C] () -- F:\WINDOWS\SBMIXDEF.INI
    [2006/08/10 18:43:34 | 000,000,064 | ---- | C] () -- F:\WINDOWS\P16x.ini
    [2006/08/10 18:42:55 | 000,000,245 | ---- | C] () -- F:\WINDOWS\SBWIN.INI
    [2006/08/10 18:34:53 | 000,012,288 | ---- | C] () -- F:\WINDOWS\System32\e100bmsg.dll
    [2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- F:\WINDOWS\System32\libeay32.dll
    [2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- F:\WINDOWS\System32\ssleay32.dll
    [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- F:\WINDOWS\System32\ODBCSTF.DLL
    [1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- F:\WINDOWS\System32\DOCOBJ.DLL
    [1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- F:\WINDOWS\System32\HLINKPRX.DLL

    ========== LOP Check ==========

    [2010/04/10 12:32:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\avG
    [2010/05/10 08:44:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Citrix
    [2010/04/21 16:54:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GARMIN
    [2007/04/27 17:45:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Napster
    [2009/08/26 14:51:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/11/26 14:26:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/05/27 09:46:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/17 17:39:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/04 17:23:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/17 20:36:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/04/09 01:47:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    [2009/04/11 13:02:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/06/24 10:11:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Aim
    [2010/03/28 08:26:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Auslogics(2)
    [2009/03/19 17:25:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Firaxis Games
    [2010/04/21 20:39:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\GARMIN
    [2009/03/09 18:51:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\IObit
    [2007/05/09 17:13:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\iolo
    [2009/03/18 13:25:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\My Games
    [2009/04/13 12:40:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Uniblue
    [2009/12/28 17:09:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Windows Search
    [2010/05/10 08:07:52 | 000,000,472 | ---- | M] () -- F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () -- F:\WINDOWS\Tasks\IGJJ.job
    [2010/05/10 08:33:53 | 000,000,342 | ---- | M] () -- F:\WINDOWS\Tasks\McDefragTask.job
    [2010/05/10 08:33:51 | 000,000,320 | ---- | M] () -- F:\WINDOWS\Tasks\McQcTask.job
    [2010/05/31 17:42:54 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
    [2009/05/18 15:14:11 | 000,000,466 | ---- | M] () -- F:\WINDOWS\Tasks\Wise Registry Cleaner 4.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- F:\StubInstaller.exe


    < MD5 for: AGP440.SYS >
    [2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2002/09/03 15:56:52 | 010,158,890 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/09/03 15:33:39 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
    [2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
    [2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () Unable to obtain MD5 -- F:\WINDOWS\system32\cryptuip.dll

    < %systemroot%\Tasks\*.job /lockedfiles >
    [2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () Unable to obtain MD5 -- F:\WINDOWS\Tasks\IGJJ.job

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/08/10 14:14:40 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
    [2006/08/10 14:14:40 | 000,626,688 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
    [2006/08/10 14:14:40 | 000,434,176 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\drivers\*.sys /90 >
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\system32\drivers\mbam.sys
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> F:\Documents and Settings\Dennis\My Documents\Untitled.rcl:Roxio EMC Stream
    @Alternate Data Stream - 125 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 124 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
    @Alternate Data Stream - 103 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:C895616B
    < End of report >


    OTL Extras logfile created on: 6/1/2010 2:16:53 PM - Run 1
    OTL by OldTimer - Version 3.2.5.2 Folder = F:\Documents and Settings\Dennis\My Documents
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
    Drive C: | 74.46 Gb Total Space | 12.32 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
    Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    Drive F: | 372.60 Gb Total Space | 245.73 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HOME
    Current User Name: Dennis
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "3246:TCP" = 3246:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "4148:TCP" = 4148:TCP:*:Enabled:Services
    "2640:TCP" = 2640:TCP:*:Enabled:Services
    "2070:TCP" = 2070:TCP:*:Enabled:Services
    "7961:TCP" = 7961:TCP:*:Enabled:Services
    "7962:TCP" = 7962:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "990:TCP" = 990:TCP:*:Enabled:phone
    "999:TCP" = 999:TCP:*:Enabled:phone
    "5678:TCP" = 5678:TCP:*:Enabled:phone
    "5679:UDP" = 5679:UDP:*:Enabled:phone
    "5721:TCP" = 5721:TCP:*:Enabled:phone
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2479:TCP" = 2479:TCP:*:Enabled:Services
    "3246:TCP" = 3246:TCP:*:Enabled:Services
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "4148:TCP" = 4148:TCP:*:Enabled:Services
    "2640:TCP" = 2640:TCP:*:Enabled:Services
    "2070:TCP" = 2070:TCP:*:Enabled:Services
    "7961:TCP" = 7961:TCP:*:Enabled:Services
    "7962:TCP" = 7962:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "F:\Program Files\GameSpy Arcade\Aphex.exe" = F:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
    "F:\WINDOWS\system32\wjview.exe" = F:\WINDOWS\system32\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter -- (Microsoft Corporation)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
    "F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" = F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe:*:Enabled:RoxMMTrayApp Module -- (Sonic Solutions)
    "F:\Program Files\QuickTime\QuickTimePlayer.exe" = F:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
    "F:\Documents and Settings\Dennis\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = F:\Documents and Settings\Dennis\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
    "F:\Program Files\Real\realplay.exe" = F:\Program Files\Real\realplay.exe:*:Enabled:RealPlayer -- File not found
    "F:\Program Files\SightSpeed\SightSpeed.exe" = F:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
    "F:\WINDOWS\system32\mmc.exe" = F:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "F:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = F:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- File not found
    "F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio RecordNow Tools
    "{0D330013-4A99-46D6-83C6-2C959C68DBFF}" = Roxio DVD Info Pro
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio RecordNow Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
    "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio RecordNow Copy
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6E2B7A41-5ACC-4797-95C7-2BE64388028B}" = Garmin City Navigator North America NT 2010.10
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
    "{79922D4F-BF47-42A2-902E-EF81B7A3750D}" = Roxio XingTones
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio RecordNow Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
    "{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Atlantis
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F5467B7C-C929-4C1A-B4E9-E7C376E2DF08}" = Roxio SightSpeed
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200214F1" = SoftV92 Data Fax Modem
    "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.0
    "Creative Jukebox Driver" = Creative Jukebox Driver
    "CSCLIB" = Canon Camera Support Core Library
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "EOS Utility" = Canon Utilities EOS Utility
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "IGN Download Manager" = IGN Download Manager 2.2.2
    "InstallShield_{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Dell Movie Studio Diagnostics
    "Lexmark X5100 Series" = Lexmark X5100 Series
    "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MSC" = McAfee SecurityCenter
    "NVIDIA Drivers" = NVIDIA Drivers
    "Office8.0" = Microsoft Office 97, Professional Edition
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "Revo Uninstaller" = Revo Uninstaller 1.85
    "SightSpeed" = SightSpeed
    "SM1FX_AT" = USB Storage Adapter FX (SM1)
    "SystemRequirementsLab" = System Requirements Lab
    "VisiPics_is1" = VisiPics V1.30
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.21
    "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.3
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "f031ef6ac137efc5" = Dell Driver Download Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/9/2010 6:36:17 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 6:42:35 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 6:43:44 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 6:55:24 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 8:26:21 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 8:29:09 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/9/2010 8:31:37 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/10/2010 6:48:28 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/10/2010 7:19:21 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    Error - 5/10/2010 7:49:14 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
    Description = The McShield scanning service cannot find any configuration in the
    registry

    [ System Events ]
    Error - 5/2/2010 10:30:35 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/2/2010 10:32:00 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the mcmscsvc service.

    Error - 5/2/2010 12:34:55 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/2/2010 5:45:51 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/2/2010 8:46:25 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/2/2010 8:47:20 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the mcmscsvc service.

    Error - 5/3/2010 11:32:41 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/3/2010 6:07:20 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747

    Error - 5/4/2010 11:25:43 AM | Computer Name = HOME | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.3 for the Network Card with network
    address 0007E967CA23 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).

    Error - 5/4/2010 11:26:04 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
    Description = The IPSEC Services service terminated with the following error: %%1747


    < End of report >
     


  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    You are still badly infected, please do the following:


    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      [2010/04/08 19:43:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm
      [2010/04/10 12:37:48 | 000,014,900 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
      [2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () -- F:\WINDOWS\System32\cryptuip.dll
      [2010/04/08 19:42:22 | 000,000,310 | -HS- | C] () -- F:\WINDOWS\tasks\IGJJ.job
      
      :Commands
      [resethosts]
      [emptyflash]
      [purity]
      [emptytemp]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the OTL log


    NEXT


    Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
    Close out all other open programs and windows.

    Double click the file to run it and follow any prompts.

    If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

    Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

    helpasst -mbrt

    Make sure you leave a space between helpasst and -mbrt !

    When it completes, a log will open.

    Please post the contents of that log.

    *In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

    mbr -f

    Now, please do the Start>Run>mbr -f command a second time.

    Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

    Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

    helpasst -mbrt

    Make sure you leave a space between helpasst and -mbrt !

    When it completes, a log will open.

    Please post the contents of that log.


    **Important note to Dell users - fixing the mbr may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
     
  5. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm folder moved successfully.
    F:\Documents and Settings\All Users\Application Data\5gQ6x4F moved successfully.
    F:\WINDOWS\system32\cryptuip.dll moved successfully.
    File F:\Documents and Settings\All Users\Application Data\5gQ6x4F not found.
    F:\WINDOWS\tasks\IGJJ.job moved successfully.
    ========== COMMANDS ==========
    F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: Dennis
    ->Flash cache emptied: 7990 bytes

    User: Guest
    ->Flash cache emptied: 15066 bytes

    User: HelpAssistant
    ->Flash cache emptied: 97332 bytes

    User: Kathy
    ->Flash cache emptied: 64686 bytes

    User: LocalService

    User: Mark
    ->Flash cache emptied: 11669 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Dennis
    ->Temp folder emptied: 4133691 bytes
    ->Temporary Internet Files folder emptied: 83098891 bytes
    ->Java cache emptied: 162285 bytes
    ->FireFox cache emptied: 1492544 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 1857136 bytes
    ->Temporary Internet Files folder emptied: 1050705761 bytes
    ->Java cache emptied: 1134232 bytes
    ->FireFox cache emptied: 24910243 bytes
    ->Flash cache emptied: 0 bytes

    User: HelpAssistant
    ->Temp folder emptied: 44871972 bytes
    ->Temporary Internet Files folder emptied: 487344645 bytes
    ->Java cache emptied: 4232673 bytes
    ->FireFox cache emptied: 16356326 bytes
    ->Flash cache emptied: 0 bytes

    User: Kathy
    ->Temp folder emptied: 2855187 bytes
    ->Temporary Internet Files folder emptied: 156051538 bytes
    ->Java cache emptied: 232449 bytes
    ->FireFox cache emptied: 12337045 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 327881 bytes

    User: Mark
    ->Temp folder emptied: 19456 bytes
    ->Temporary Internet Files folder emptied: 344358 bytes
    ->Java cache emptied: 2695403 bytes
    ->FireFox cache emptied: 84047080 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 550921 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2407781 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32969 bytes
    RecycleBin emptied: 31428932 bytes

    Total Files Cleaned = 1,920.00 mb


    OTL by OldTimer - Version 3.2.5.2 log created on 06012010_171136

    Files\Folders moved on Reboot...
    F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\UWFCIRVW\md[1].htm moved successfully.
    F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\MMZCWMG0\welcome[2].htm moved successfully.
    F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\M481UE8F\aceUAC[1].htm moved successfully.
    F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\M481UE8F\st[1] moved successfully.
    F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder F:\WINDOWS\temp\mcmsc_aTerPleBRmYOTOu not found!
    File\Folder F:\WINDOWS\temp\mcmsc_sSCfNl4UXhGc9bo not found!

    Registry entries deleted on Reboot...


    --------------------------------------------
    F:\Documents and Settings\Dennis\My Documents\HelpAsst_mebroot_fix.exe
    Tue 06/01/2010 at 17:29:14.92

    HelpAssistant account is Active ~ attempting to de-activate

    Account active Yes
    Local Group Memberships *Administrators

    HelpAssistant successfully set Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll present! ~ attempting to remove
    Remove on reboot: F:\WINDOWS\system32\termsrv32.dll

    ~~ Checking firewall ports ~~

    backing up DomainProfile\GloballyOpenPorts\List registry key
    closing rogue ports

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "3246:TCP"=-
    "3389:TCP"=-
    "4148:TCP"=-
    "2640:TCP"=-
    "2070:TCP"=-
    "7961:TCP"=-
    "7962:TCP"=-

    backing up StandardProfile\GloballyOpenPorts\List registry key
    closing rogue ports

    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
    "65533:TCP"=-
    "52344:TCP"=-
    "2479:TCP"=-
    "3246:TCP"=-
    "3389:TCP"=-
    "4148:TCP"=-
    "2640:TCP"=-
    "2070:TCP"=-
    "7961:TCP"=-
    "7962:TCP"=-

    ~~ Checking profile list ~~

    HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1659004503-448539723-682003330-1000
    HelpAssistant profile directory exists at F:\Documents and Settings\HelpAssistant ~ attempting to remove
    ~ All F:\Documents and Settings\HelpAssistant files successfully removed ~

    ~~ Checking mbr ~~

    mbr infection detected! ~ running mbr -f

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x82d32008
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82341440
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x02E933E00
    malicious code @ sector 0x02E933E03 !
    PE file found in sector at 0x02E933E19 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
    original MBR restored successfully !

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x82d32008
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82341440
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    copy of MBR has been found in sector 0x02E933E00
    malicious code @ sector 0x02E933E03 !
    PE file found in sector at 0x02E933E19 !
    Use "Recovery Console" command "fixmbr" to clear infection !

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Tue 06/01/2010 at 17:55:11.90

    Account active No
    Local Group Memberships *Administrators

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK
    copy of MBR has been found in sector 0x02E933E00
    malicious code @ sector 0x02E933E03 !
    PE file found in sector at 0x02E933E19 !

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
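Reading the OTL firewall section by hand, and then checking it against the ports HelpAsst_mebroot_fix called rogue, is the kind of comparison a script can do for you. The following Python is an added example for this thread; it is not part of OTL, HelpAsst_mebroot_fix or anything posted by the participants. It parses GloballyOpenPorts\List lines in OTL's format and classifies each exception the way the logs above were read: entries named by a Windows resource string (`@xpsp2res.dll,-NNNNN`) are Windows' own, bare "Services" labels and Remote Desktop (3389) open to every address are flagged as suspicious, and other application exceptions with scope `*` are marked for review. The sample input is constructed to mirror the thread's entries, and the classification rules are this example's assumptions, not a rule set taken from either tool.

```python
"""Audit Windows XP firewall 'GloballyOpenPorts' exceptions from an OTL-style dump.

Added example; not code from OTL, HelpAsst_mebroot_fix or this thread.
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of OTL's firewall section; ports and names
# mirror the entries seen in the thread but the text is assembled here.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\GloballyOpenPorts\\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"65533:TCP" = 65533:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"990:TCP" = 990:TCP:*:Enabled:phone
"7962:TCP" = 7962:TCP:*:Enabled:Services
"""

# Section header: captures the profile name (DomainProfile / StandardProfile).
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*FirewallPolicy\\(\w+)\\GloballyOpenPorts\\List\]$")
# One exception: "port:proto" = port:proto:scope:Enabled|Disabled:name
ENTRY_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):(.*)$'
)


@dataclass
class Finding:
    profile: str
    port: int
    proto: str
    scope: str
    name: str
    verdict: str  # "ok", "review" or "suspicious"
    reason: str


def classify(port: int, scope: str, name: str) -> tuple[str, str]:
    """Heuristic verdict for one exception (assumed rules, see lead-in)."""
    if name.startswith("@") and ".dll,-" in name:
        return "ok", "named by a Windows resource string"
    if name == "Services":
        return "suspicious", "bare 'Services' label is not how Windows or installers name exceptions"
    if port == 3389 and scope == "*":
        return "suspicious", "Remote Desktop opened to every address"
    if scope == "*":
        return "review", "application port opened to every address"
    return "ok", "limited to LocalSubNet"


def audit_open_ports(text: str) -> list[Finding]:
    """Parse an OTL firewall dump and return one Finding per exception line."""
    findings: list[Finding] = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            profile = key.group(1)  # entries below belong to this profile
            continue
        entry = ENTRY_RE.match(line)
        if not entry or profile is None:
            continue  # not an exception line, or no section header seen yet
        port, proto, scope, _state, name = entry.groups()
        verdict, reason = classify(int(port), scope, name)
        findings.append(Finding(profile, int(port), proto, scope, name, verdict, reason))
    return findings


def suspicious_ports(text: str) -> list[str]:
    """Sorted 'port:proto' strings an analyst should close or investigate first."""
    return sorted({f"{f.port}:{f.proto}" for f in audit_open_ports(text) if f.verdict == "suspicious"})


if __name__ == "__main__":
    for f in audit_open_ports(SAMPLE_LOG):
        print(f"{f.profile:16}{f.port:>6}/{f.proto} {f.scope:12}{f.verdict:11}{f.name}  ({f.reason})")
```

Run against a real OTL log the same regexes apply unchanged, because OTL prints the section header and each exception on its own line; the verdicts, however, are only a triage aid, and an exception marked "review" (such as the `phone` entries) still needs to be matched to software actually installed on the machine.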
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Good,

    Please do the following:


    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  7. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Ok here's the last:

    ComboFix 10-06-02.04 - Dennis 06/03/2010 13:52:29.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.237 [GMT -4:00]
    Running from: f:\documents and settings\Dennis\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    f:\documents and settings\Dennis\GoToAssistDownloadHelper.exe
    f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}
    f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome.manifest
    f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome\content\_cfg.js
    f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome\content\overlay.xul
    f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\install.rdf
    f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}
    f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome.manifest
    f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome\content\_cfg.js
    f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome\content\overlay.xul
    f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\install.rdf
    f:\windows\system32\_000005_.tmp.dll
    f:\windows\system32\Data

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
    .

    2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
    2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
    2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
    2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
    2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
    2010-05-10 13:30 . 2010-06-02 22:55 -------- d-----w- f:\program files\McAfee
    2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
    2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
    2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-03 17:39 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
    2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
    2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
    2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
    2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
    2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
    2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
    2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
    2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
    2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
    2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
    2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
    2010-04-04 21:23 . 2010-04-04 21:21 -------- d-----w- f:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-04 21:12 . 2006-08-11 00:43 -------- d-----w- f:\program files\QuickTime
    2010-04-04 20:47 . 2006-08-11 14:34 -------- d-----w- f:\documents and settings\Dennis\Application Data\Apple Computer
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
    2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
    2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
    2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
    2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 20:45 313472 ----a-r- f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RoxWatch9"=2 (0x2)
    "RoxLiveShare9"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "aawservice"=3 (0x3)
    "stllssvr"=3 (0x3)
    "gusvc"=3 (0x3)
    "RoxMediaDB9"=3 (0x3)
    "Roxio Upnp Server 9"=3 (0x3)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "magaService"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "DSBrokerService"=3 (0x3)
    "Creative Service for CDROM Access"=3 (0x3)
    "CCALib8"=3 (0x3)
    "BITS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "f:\\WINDOWS\\system32\\wjview.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
    "f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "f:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "f:\\WINDOWS\\system32\\mmc.exe"=
    "f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Program Files\\iTunes\\iTunes.exe"=
    "f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "990:TCP"= 990:TCP:phone
    "999:TCP"= 999:TCP:phone
    "5678:TCP"= 5678:TCP:phone
    "5679:UDP"= 5679:UDP:phone
    "5721:TCP"= 5721:TCP:phone

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
    S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
    S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

    2010-05-10 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-05-10 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-06-03 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-03 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-01 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-03 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
    - f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
    - f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.msn.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-aawservice
    SafeBoot-AVG Anti-Spyware Guard
    MSConfigStartUp-PC Connection Agent - f:\progra~1\MICROS~3\wcescomm.exe
    MSConfigStartUp-Mpijomini - f:\windows\ibolatiwo.dll
    MSConfigStartUp-swg - f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-IGN Download Manager - f:\program files\IGN\Download Manager\uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-03 14:02
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000004
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000003
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000002
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
    "Name"="Outlook"
    "DisplayName"="Microsoft Outlook"
    "Param1"="Outlook"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:00000020
    .
    Completion time: 2010-06-03 14:06:30
    ComboFix-quarantined-files.txt 2010-06-03 18:06

    Pre-Run: 265,504,768,000 bytes free
    Post-Run: 265,559,855,104 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    - - End Of File - - 99395A87FFA59B1DE7167F09A30D3461
     
  8. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




    NEXT

    **Vista users - right click on the IE icon and run as administrator

    Run an on-line scan with Kaspersky

    Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.
    2. To optimize scanning time and produce a more sensible report for review:
    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    3. Click Run at the Security prompt.
    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.

    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
     
  9. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4168

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    6/4/2010 1:29:26 PM
    mbam-log-2010-06-04 (13-29-26).txt

    Scan type: Quick scan
    Objects scanned: 148822
    Time elapsed: 14 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, June 5, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Infected: Friday, June 04, 2010 12:23:03
    Records in database: 4199309
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 219815
    Threats found: 5
    Infected objects found: 6
    Suspicious objects found: 0
    Scan duration: 09:30:21


    File name / Threat / Threats count
    C:\Documents and Settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.bn 1
    C:\Documents and Settings\Mark\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
    C:\Documents and Settings\Mark\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
    C:\WINDOWS\syswast.exe Infected: Trojan-Downloader.Win32.VB.ah 1
    F:\Documents and Settings\Dennis\My Documents\Downloads\WRC4Free.exe Infected: Virus.Win32.Induc.a 1
    F:\Program Files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c 1

    Selected area has been scanned.
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run type Notepad click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    KillAll::
    File::
    C:\Documents and Settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx 
    C:\Documents and Settings\Mark\Shared\01 Track 1.wma 
    C:\Documents and Settings\Mark\Shared\06 Track 6.wma 
    C:\WINDOWS\syswast.exe 
    F:\Documents and Settings\Dennis\My Documents\Downloads\WRC4Free.exe 
    F:\Program Files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe 
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save this as "CFScript".


    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    Note: Allow ComboFix to update if it asks to do so.

    NEXT

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 20 and save it to your desktop.
    • Scroll down to where it says JDK 6 Update 20 (JDK or JRE)
    • Click the Download JRE button to the right
    • Select the Windows platform from the dropdown menu.
    • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue. The page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked

        • Applications and Applets
          Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.


    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version 9.3)
    Having the latest updates ensures there are no security vulnerabilities in your system.
     
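    CatByte's post above hand-copies the six infected paths from the Kaspersky report into a CFScript File:: block. The script below is an added example, not code from this thread or from ComboFix or Kaspersky, that does the same copy mechanically: it parses report lines in the "path Infected: threat count" layout shown in post #9, lists each path once under KillAll:: / File::, and reports the threat class so that "not-a-virus:" riskware detections can be reviewed separately from the malware hits before anything is deleted. The sample report is constructed from four lines of that report; parse_report, build_cfscript and threat_class are names chosen for this example.

```python
"""Build a ComboFix CFScript 'File::' section from a Kaspersky Online Scanner
report. Added example for this thread; not ComboFix's or Kaspersky's own code."""
import re
from typing import List, Tuple

# Constructed sample in the Kaspersky Online Scanner 7.0 report layout, using
# four of the detection lines posted in the thread (one per line, path first).
SAMPLE_REPORT = r"""File name / Threat / Threats count
C:\Documents and Settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.bn 1
C:\WINDOWS\syswast.exe Infected: Trojan-Downloader.Win32.VB.ah 1
F:\Documents and Settings\Dennis\My Documents\Downloads\WRC4Free.exe Infected: Virus.Win32.Induc.a 1
F:\Program Files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c 1

Selected area has been scanned.
"""

# A detection line is "<path> Infected: <threat name> <count>". Paths contain
# spaces, so the path is matched non-greedily up to the literal " Infected: "
# marker; the threat name has no spaces and the count is the final integer.
_LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_report(text: str) -> List[Tuple[str, str, int]]:
    """Return (path, threat, count) for every detection line in the report.

    Header, blank and summary lines do not match the pattern and are skipped.
    """
    found = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            found.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return found


def threat_class(threat: str) -> str:
    """First component of the Kaspersky name, e.g. 'Trojan-Downloader'.

    Kaspersky prefixes riskware/adware with 'not-a-virus:'; that prefix is
    stripped so the class of such entries (e.g. 'AdWare') comes through.
    """
    name = threat.split(":", 1)[1] if threat.startswith("not-a-virus:") else threat
    return name.split(".", 1)[0]


def build_cfscript(detections: List[Tuple[str, str, int]]) -> str:
    """Emit CFScript text: 'KillAll::' then a 'File::' block listing each path once.

    Paths are de-duplicated case-insensitively, since NTFS paths are.
    """
    seen = set()
    lines = ["KillAll::", "File::"]
    for path, _threat, _count in detections:
        key = path.lower()
        if key not in seen:
            seen.add(key)
            lines.append(path)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dets = parse_report(SAMPLE_REPORT)
    for path, threat, _ in dets:
        print(f"{threat_class(threat):18} {path}")
    print()
    print(build_cfscript(dets), end="")
```

    Run it as-is and it prints the class of each detection followed by the script text, which is what would be saved as CFScript.txt on the desktop. The class listing is the review step: the LimeWire installer is flagged as AdWare riskware rather than malware, so an analyst can decide whether it belongs in the File:: block before handing the script to ComboFix.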
  11. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    ComboFix 10-06-03.01 - Dennis 06/05/2010 13:45:05.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.274 [GMT -4:00]
    Running from: f:\documents and settings\Dennis\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
    .

    2010-06-05 01:09 . 2010-06-05 01:09 -------- d-----w- f:\windows\LastGood
    2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
    2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
    2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
    2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
    2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
    2010-05-10 13:30 . 2010-06-05 01:09 -------- d-----w- f:\program files\McAfee
    2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
    2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
    2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-04 00:40 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
    2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
    2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
    2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
    2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
    2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
    2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
    2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
    2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
    2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
    2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
    2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
    2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
    2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
    2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((( [email protected]_18.02.26 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-08-10 22:25 . 2010-06-05 15:53 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-08-10 22:25 . 2010-06-03 17:41 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-06-04 00:46 . 2010-06-05 15:53 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-08-10 22:25 . 2010-06-03 17:41 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
    2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 20:45 313472 ----a-r- f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RoxWatch9"=2 (0x2)
    "RoxLiveShare9"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "aawservice"=3 (0x3)
    "stllssvr"=3 (0x3)
    "gusvc"=3 (0x3)
    "RoxMediaDB9"=3 (0x3)
    "Roxio Upnp Server 9"=3 (0x3)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "magaService"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "DSBrokerService"=3 (0x3)
    "Creative Service for CDROM Access"=3 (0x3)
    "CCALib8"=3 (0x3)
    "BITS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "f:\\WINDOWS\\system32\\wjview.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
    "f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "f:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "f:\\WINDOWS\\system32\\mmc.exe"=
    "f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Program Files\\iTunes\\iTunes.exe"=
    "f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "990:TCP"= 990:TCP:phone
    "999:TCP"= 999:TCP:phone
    "5678:TCP"= 5678:TCP:phone
    "5679:UDP"= 5679:UDP:phone
    "5721:TCP"= 5721:TCP:phone

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
    S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
    S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

    2010-05-10 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-05-10 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-06-04 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-04 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-04 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-05 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
    - f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
    - f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-05 13:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000004
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000003
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000002
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
    "Name"="Outlook"
    "DisplayName"="Microsoft Outlook"
    "Param1"="Outlook"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:00000020
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3996)
    f:\windows\system32\WININET.dll
    f:\program files\McAfee\SiteAdvisor\saHook.dll
    f:\windows\system32\ieframe.dll
    f:\windows\system32\mshtml.dll
    f:\windows\system32\msls31.dll
    f:\windows\system32\webcheck.dll
    f:\windows\system32\WPDShServiceObj.dll
    f:\windows\system32\PortableDeviceTypes.dll
    f:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-06-05 13:59:56
    ComboFix-quarantined-files.txt 2010-06-05 17:59
    ComboFix2.txt 2010-06-03 18:06

    Pre-Run: 265,650,061,312 bytes free
    Post-Run: 265,761,738,752 bytes free

    - - End Of File - - 06219A0FB9272CF709530123DCA9FC76
     
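The security-relevant lines in a ComboFix log like the one above are concentrated in its "Reg Loading Points" section: the Run keys (where the Rogue.AntivirusSuite dropper from the first post was launched), the BootExecute value, the Security Center "DisableMonitoring" flags, the "EnableFirewall"= 0 setting and the GloballyOpenPorts list. The script below is an added example, not part of this thread and not ComboFix's own code: it parses lines in that section's shape and flags the weak settings a helper would look at first. The sample log is constructed here in the format of the thread's output (the "updater" entry and path abcde\xyz.exe are invented), and the user-profile-path heuristic and the severity labels are the example's own assumptions, not ComboFix's.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
# The "updater" value and its path are invented for the example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"updater"="f:\documents and settings\User\Local Settings\Application Data\abcde\xyz.exe" [2010-04-09 35840]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:phone
"5721:TCP"= 5721:TCP:phone
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (assumed scale, not ComboFix's)
    key: str       # registry key the line appeared under
    detail: str


# Heuristic (assumption): an autostart binary living under a user profile
# deserves a second look; the rogue AV in this thread ran from
# Local Settings\Application Data.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\",
                "\\local settings\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]*)\]$')
OPEN_PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<label>\S+)$')


def triage(log: str) -> list[Finding]:
    """Walk the log once, remembering the current [key], and emit findings."""
    findings: list[Finding] = []
    key = ""
    for raw in log.splitlines():
        line = raw.strip()          # forum copies are indented
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        if "firewallpolicy" in lkey and lkey.endswith("standardprofile"):
            if re.match(r'^"EnableFirewall"=\s*0\b', line):
                findings.append(Finding("high", key, "Windows Firewall disabled on the standard profile"))
            elif re.match(r'^"DisableNotifications"=\s*1\b', line):
                findings.append(Finding("medium", key, "firewall notifications suppressed"))
        elif lkey.endswith("globallyopenports\\list"):
            m = OPEN_PORT_RE.match(line)
            if m:
                findings.append(Finding("medium", key,
                                        f"inbound {m['port']} open to all hosts (label: {m['label']})"))
        elif "security center\\monitoring" in lkey:
            if re.match(r'^"DisableMonitoring"=dword:0*1$', line):
                product = key.rsplit("\\", 1)[-1]
                findings.append(Finding("medium", key, f"Security Center monitoring disabled for {product}"))
        elif lkey.endswith("\\session manager") and line.startswith("BootExecute"):
            # REG_MULTI_SZ entries are shown separated by a literal "\0".
            entries = [e.strip() for e in line.split("REG_MULTI_SZ", 1)[-1].split("\\0")]
            for extra in (e for e in entries if e and e != "autocheck autochk *"):
                findings.append(Finding("info", key, f"additional BootExecute entry: {extra}"))
        elif lkey.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if m and any(d in m["path"].lower() for d in PROFILE_DIRS):
                findings.append(Finding("high", key,
                                        f"autostart '{m['name']}' runs from a user-profile path: {m['path']}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix.txt by reading the file into triage(); the BootExecute hit is informational on purpose, since third-party tools such as the System Mechanic entry in this log legitimately add themselves there, while a disabled firewall or an autostart under a user profile is what you would act on first.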
  12. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    The ComboFix scan didn't run from the script.

    Make sure the script is saved to your desktop and make certain it is named CFScript.txt, then do the following:

    Go to Start > Run > copy/paste the following into the open run box > press OK

    "%userprofile%\desktop\combofix.exe" "%userprofile%\Desktop\CFScript.txt"
     
  13. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Ok, sorry, thought I had it.. here's the new one:

    ComboFix 10-06-05.02 - Dennis 06/06/2010 9:09.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.300 [GMT -4:00]
    Running from: f:\documents and settings\Dennis\desktop\combofix.exe
    Command switches used :: f:\documents and settings\Dennis\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    FILE ::
    "c:\documents and settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx"
    "c:\documents and settings\Mark\Shared\01 Track 1.wma"
    "c:\documents and settings\Mark\Shared\06 Track 6.wma"
    "c:\windows\syswast.exe"
    "f:\documents and settings\Dennis\My Documents\Downloads\WRC4Free.exe"
    "f:\program files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx
    c:\documents and settings\Mark\Shared\01 Track 1.wma
    c:\documents and settings\Mark\Shared\06 Track 6.wma
    c:\windows\syswast.exe
    f:\documents and settings\Dennis\My Documents\Downloads\WRC4Free.exe
    f:\program files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
    .

    2010-06-05 18:31 . 2010-02-01 01:45 38784 ----a-w- f:\documents and settings\Dennis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-06-05 18:29 . 2010-06-05 18:30 -------- d-----w- f:\program files\Common Files\Adobe
    2010-06-05 18:26 . 2010-06-05 18:26 -------- d-----w- f:\program files\Common Files\Adobe AIR
    2010-06-05 18:24 . 2010-06-05 18:24 86016 ----a-w- f:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-06-05 18:24 . 2010-06-06 12:45 -------- d-----w- f:\documents and settings\All Users\Application Data\NOS
    2010-06-05 18:19 . 2010-06-05 18:19 -------- d-----w- f:\program files\Common Files\Java
    2010-06-05 18:19 . 2010-06-05 18:19 503808 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\msvcp71.dll
    2010-06-05 18:19 . 2010-06-05 18:19 499712 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\jmc.dll
    2010-06-05 18:19 . 2010-06-05 18:19 61440 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47886efb-n\decora-sse.dll
    2010-06-05 18:19 . 2010-06-05 18:19 348160 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\msvcr71.dll
    2010-06-05 18:19 . 2010-06-05 18:19 12800 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47886efb-n\decora-d3d.dll
    2010-06-05 18:18 . 2010-06-05 18:18 411368 ----a-w- f:\windows\system32\deployJava1.dll
    2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
    2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
    2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
    2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
    2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
    2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
    2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
    2010-05-10 13:30 . 2010-06-06 12:51 -------- d-----w- f:\program files\McAfee
    2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
    2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
    2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
    2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-06 12:59 . 2006-08-11 14:47 -------- d-----w- f:\program files\Google
    2010-06-05 18:18 . 2006-08-13 21:23 -------- d-----w- f:\program files\Java
    2010-06-04 00:40 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
    2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
    2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
    2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
    2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
    2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
    2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
    2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
    2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
    2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
    2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
    2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
    2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
    2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
    2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
    2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
    2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
    2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
    2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
    "TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
    "SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
    2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "RoxWatch9"=2 (0x2)
    "RoxLiveShare9"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "aawservice"=3 (0x3)
    "stllssvr"=3 (0x3)
    "gusvc"=3 (0x3)
    "RoxMediaDB9"=3 (0x3)
    "Roxio Upnp Server 9"=3 (0x3)
    "Roxio UPnP Renderer 9"=3 (0x3)
    "magaService"=3 (0x3)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "DSBrokerService"=3 (0x3)
    "Creative Service for CDROM Access"=3 (0x3)
    "CCALib8"=3 (0x3)
    "BITS"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "f:\\WINDOWS\\system32\\wjview.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
    "f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "f:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "f:\\WINDOWS\\system32\\mmc.exe"=
    "f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "f:\\Program Files\\iTunes\\iTunes.exe"=
    "f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "990:TCP"= 990:TCP:phone
    "999:TCP"= 999:TCP:phone
    "5678:TCP"= 5678:TCP:phone
    "5679:UDP"= 5679:UDP:phone
    "5721:TCP"= 5721:TCP:phone

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
    S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [6/6/2010 8:59 AM 136176]
    S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
    - f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

    2010-06-06 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 12:59]

    2010-06-06 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - f:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 12:59]

    2010-05-10 f:\windows\Tasks\McDefragTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-05-10 f:\windows\Tasks\McQcTask.job
    - f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

    2010-06-06 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-06 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-04 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
    - f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-06 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
    - f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

    2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
    - f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
    DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-updateMgr - f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-06 09:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Type"="wellknown"
    "Order"=dword:00000001
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
    "Name"="IESettings"
    "Type"="IESettings"
    "Order"=dword:00000004
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
    "Name"="MediaFiles"
    "Type"="MediaFiles"
    "Order"=dword:00000003
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
    "Name"="NPW"
    "Param1"="NPW"
    "Type"="wellknown"
    "Order"=dword:00000002
    "State"=dword:0000000b

    [HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
    "Name"="Outlook"
    "DisplayName"="Microsoft Outlook"
    "Param1"="Outlook"
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:00000020
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3900)
    f:\windows\system32\WININET.dll
    f:\program files\McAfee\SiteAdvisor\saHook.dll
    f:\windows\system32\ieframe.dll
    f:\windows\system32\mshtml.dll
    f:\windows\system32\msls31.dll
    f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    f:\windows\system32\webcheck.dll
    f:\windows\system32\WPDShServiceObj.dll
    f:\windows\system32\PortableDeviceTypes.dll
    f:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    f:\program files\Java\jre6\bin\jqs.exe
    f:\progra~1\McAfee\MSC\mcmscsvc.exe
    f:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    f:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    f:\progra~1\McAfee\VirusScan\mcshield.exe
    f:\program files\McAfee\MPF\MPFSrv.exe
    f:\windows\System32\MsPMSPSv.exe
    f:\progra~1\mcafee.com\agent\mcagent.exe
    f:\windows\system32\LEXBCES.EXE
    f:\windows\system32\LEXPPS.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-06-06 09:36:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-06 13:36
    ComboFix2.txt 2010-06-05 17:59
    ComboFix3.txt 2010-06-03 18:06

    Pre-Run: 265,111,216,128 bytes free
    Post-Run: 265,081,155,584 bytes free

    - - End Of File - - DD1E16D7E4D6122B186549A50EE82C33
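An added example, not part of this thread and not ComboFix's own code: a short Python script that reads the registry-dump sections of a ComboFix-style log (the firewall policy, Security Center monitoring and msconfig startup entries shown above) and lists the settings a responder should check after a rogue-AV cleanup. The line layout it parses is an assumption taken from the log above; SAMPLE_LOG inside it is a constructed excerpt in that layout, and the 'abcdefg' directory and 'xyz.exe' entries in it are invented.

```python
"""Triage a ComboFix-style log for settings worth reviewing after a cleanup.

Added example; not from the thread and not ComboFix's own code. It parses the
registry-dump sections in the layout seen in the log above (that layout is an
assumption taken from the log). SAMPLE_LOG is a constructed excerpt: the McAfee,
firewall, port and Civilization4 lines mirror the log; 'abcdefg' and 'xyz.exe' are invented.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\abcdefg]
2010-04-01 10:00 65536 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\abcdefg\xyz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\Documents and Settings\\Dennis\\Local Settings\\Application Data\\abcdefg\\xyz.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:phone
"5678:TCP"= 5678:TCP:phone
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# startup-entry line as ComboFix prints it: date time size attributes path
STARTUP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
# user-writable profile roots (XP, and Vista and later); a binary living here deserves a look
PROFILE_DIR_RE = re.compile(r"\\documents and settings\\|\\users\\", re.I)


def parse_sections(text):
    """Group the dump into {section path: [non-empty lines]} in file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def reg_int(value):
    """'dword:00000001', '0 (0x0)' or '3' -> int; None when not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]+)", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def triage(text):
    """Return [(severity, message)] for the settings a responder should review."""
    findings = []
    for section, lines in parse_sections(text).items():
        low = section.lower()
        values = {m.group(1): m.group(2) for m in map(VALUE_RE.match, lines) if m}
        if low.endswith(r"firewallpolicy\standardprofile"):
            if reg_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("high", "Windows Firewall is off for the standard profile "
                                 "(EnableFirewall=0); confirm a third-party firewall is running"))
        elif "security center\\monitoring\\" in low:
            if reg_int(values.get("DisableMonitoring", "")) == 1:
                product = section.rsplit("\\", 1)[-1]
                findings.append(("medium", f"Security Center monitoring disabled for {product}"))
        elif low.endswith(r"authorizedapplications\list"):
            for key in values:
                path = key.replace("\\\\", "\\")  # the dump doubles backslashes in this section
                if PROFILE_DIR_RE.search(path):
                    findings.append(("high", f"firewall exception for a user-profile path: {path}"))
        elif low.endswith(r"globallyopenports\list"):
            for key, val in values.items():
                findings.append(("medium", f"globally open port {key} ({val.strip() or 'no label'})"))
        elif "msconfig\\startupreg\\" in low:
            for line in lines:
                m = STARTUP_RE.match(line)
                if m and PROFILE_DIR_RE.search(m.group(1)):
                    findings.append(("high", f"msconfig-disabled startup entry in a user profile: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {msg}")
```

Run it as-is to see the findings for the constructed excerpt, or pass the text of a real ComboFix log to triage(). A disabled Windows Firewall and DisableMonitoring=1 are normal when a third-party suite such as McAfee has registered itself with the Security Center, so the script reports them for confirmation rather than as infections; firewall exceptions and startup entries that point into Documents and Settings are the ones to open first, because user-profile directories are writable without administrator rights and are where rogue installers typically drop their binary.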
     
  14. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Good did you update Java and Adobe?

    How is the computer running?

    If there are no other issues, we just need to do some housekeeping now:

    Please do the following:


    Go to Start > Run > copy/paste the bolded command into the run box > OK

    helpasst -cleanup



    NEXT

    Follow these steps to uninstall Combofix

    • Click START then RUN
    • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



    NEXT

    Clean up with OTL:
    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If any logs/tools remain on your desktop > right click and delete them.


    NEXT


    Below I have included a number of recommendations for how to protect your computer against malware infections.

    • It is good security practice to change the passwords for all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
      Strong passwords: How to create and use them

      Then consider a password keeper, to keep all your passwords safe.

    • Keep Windows updated by regularly checking their website at :
      http://windowsupdate.microsoft.com/
      This will ensure your computer always has the latest security updates installed.

    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • Download TFC to your desktop
      • Close any open windows.
      • Double click the TFC icon to run the program
      • TFC will close all open programs itself in order to run.
      • Click the Start button to begin the process.
      • Allow TFC to run uninterrupted.
      • The program should not take long to finish its job.
      • Once it's finished, it should automatically reboot your machine; if it doesn't, reboot manually to ensure a complete clean.
      It's normal after running TFC cleaner that the PC will be slower to boot the first time.



    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      • Green to go
      • Yellow for caution
      • Red to stop
      WOT has an add-on available for Firefox, IE and Chrome.

    • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

    • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

    • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
      Think Prevention.
      PC Safety and Security--What Do I Need?.


    **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


    Thank you for your patience, and performing all of the procedures requested.

    Please respond one last time so we can consider the thread resolved and close it, thank-you.
     
  15. BigDude3

    BigDude3 Thread Starter

    Joined:
    Dec 6, 2006
    Messages:
    34
    Computer is running better (faster) than it has in a long time, without the stutters and hangups I had before as well. It was worth the wait!! Adobe and Java have been updated. Thanks for your professionalism and knowledge. I appreciate it.
     
Short URL to this thread: https://techguy.org/915871
