Trojan.Fraudpack

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Hello T-S Guys...

Need a bit of help pls...I was infected with the "Trojan.Fraudpack" (as per MalwareBytes)..I have been able (by disconnecting from the Modem) to (I think) get it removed using MalwareBytes but I still am not able to get onto the 'Net using IE and my Realplayer doe not connect either. Below is the latest run from MalwareBytes and after that the latest Hijack this log.


Thanks..

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3972

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/9/2010 4:30:23 PM
mbam-log-2010-04-09 (16-30-23).txt

Scan type: Full scan (F:\|)
Objects scanned: 242843
Time elapsed: 1 hour(s), 26 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Documents and Settings\HelpAssistant\Local Settings\Application Data\veijfrchm\vcqojuktssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{F0CD5A81-2B8A-4BDF-8CCF-40D75E87C773}\RP2\A0002270.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:52 PM, on 4/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\LEXBCES.EXE
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\LEXPPS.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\rundll32.exe
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Wise Registry Cleaner\WiseRegistryCleaner.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [mcagent_exe] "F:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [MSConfig] F:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://F:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://F:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_5F1A57F0B9B89E2E.dll/cmsidewiki.html
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155250172609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164289608109
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file://D:\WEBPULL\SUPPORT\DISC\ASP\TOOLS\EN\bin\npseatools.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - F:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - F:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - F:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - F:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 8449 bytes
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

sorry for the late reply, do you still need help with your machine?

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    CREATERESTOREPOINT


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.


NEXT




Download GMER Rootkit Scanner from herehttp://www.gmer.net/download.phphttp://www.gmer.net/download.php to your desktop. It will be a randomly named executable.
  • Double click the exe file.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.



    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
[/QUOTE]
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Well I did get it working again..although I don't remember how. Just to be safe I will run thru you're fix as well:

OTL logfile created on: 6/1/2010 2:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = F:\Documents and Settings\Dennis\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 74.46 Gb Total Space | 12.32 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 245.73 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - F:\Documents and Settings\Dennis\My Documents\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - f:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - F:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - F:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - f:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - F:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - F:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - F:\Documents and Settings\Dennis\My Documents\OTL.exe (OldTimer Tools)
MOD - F:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - F:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (magaService) -- File not found
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- F:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- F:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- F:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- F:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- F:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McProxy) -- f:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- f:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- F:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- F:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Roxio UPnP Renderer 9) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (DSBrokerService) -- F:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (CCALib8) -- F:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- F:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfeavfk) -- F:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- F:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- F:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- F:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- F:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (HSF_DP) -- F:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- F:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- F:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MPFP) -- F:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv) -- F:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (gameenum) -- F:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- F:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ovt519) -- F:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (RxFilter) -- F:\WINDOWS\system32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- F:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLAUDF_M) -- F:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- F:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- F:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAOPIOM) -- F:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- F:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- F:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- F:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- F:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (dsunidrv) -- F:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DLARTL_M) -- F:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- F:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (Cdralw2k) -- F:\WINDOWS\system32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- F:\WINDOWS\system32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (DRVNDDM) -- F:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DSproct) -- F:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (P16X) Creative SB Live! Series (WDM) -- F:\WINDOWS\system32\drivers\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- F:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- F:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (CVirtA) -- F:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (EMATCORE) -- F:\WINDOWS\system32\drivers\AtlsVid.sys (Dell Computer Corporation)
DRV - (AtlsAud) -- F:\WINDOWS\system32\drivers\AtlsAud.sys (Dell Computer Corporation)
DRV - (OMCI) -- F:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MODEMCSA) -- F:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (PfModNT) -- F:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (Aspi32) -- F:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}: F:\Documents and Settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E} [2010/01/24 11:30:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/28 15:14:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: F:\Program Files\McAfee\SiteAdvisor [2010/06/01 07:14:51 | 000,000,000 | ---D | M]

[2009/07/29 19:59:35 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\extensions
[2008/10/23 12:10:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2006/09/24 23:43:33 | 000,001,406 | ---- | M] () -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\searchplugins\siteadvisor.gif
[2006/09/24 23:43:33 | 000,000,276 | ---- | M] () -- F:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\m26jwhlw.default\searchplugins\siteadvisor.src
[2006/09/24 09:26:15 | 002,078,344 | ---- | M] () -- F:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2006/12/06 14:46:58 | 000,000,710 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - F:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - F:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [mcagent_exe] F:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155250172609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164289608109 (MUWebControl Class)
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} http://launch.gamespyarcade.com/software/launch/alaunch.cab (GSDACtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} file://D:\WEBPULL\SUPPORT\DISC\ASP\TOOLS\EN\bin\npseatools.cab (Seagate SeaTools English Online)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: DirectAnimation Java Classes file://F:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://F:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - f:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/10/18 17:09:17 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2005/10/15 02:42:09 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/10/15 02:42:09 | 000,004,118 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf F:\Program Files\iolo\System Mechanic Professional 6\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2006/08/10 18:23:02 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: LanmanWorkstation - File not found
NetSvcs: Messenger - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/01 14:14:04 | 000,571,392 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Dennis\My Documents\OTL.exe
[2010/05/10 09:35:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2010/05/10 09:31:59 | 000,040,552 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/05/10 09:31:58 | 000,079,816 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/05/10 09:31:58 | 000,035,272 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mfebopk.sys
[2010/05/10 09:31:52 | 000,120,136 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\Mpfp.sys
[2010/05/10 09:30:53 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\McAfee
[2010/05/10 09:30:52 | 000,000,000 | ---D | C] -- F:\Program Files\McAfee.com
[2010/05/10 09:30:20 | 000,000,000 | ---D | C] -- F:\Program Files\McAfee
[2010/05/10 09:26:00 | 000,034,248 | ---- | C] (McAfee, Inc.) -- F:\WINDOWS\System32\drivers\mferkdk.sys
[2010/05/10 09:18:03 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/10 08:44:27 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Citrix
[2010/05/10 08:38:41 | 000,000,000 | ---D | C] -- F:\Program Files\Citrix
[2010/05/10 08:38:37 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\Citrix
[2010/05/07 22:04:52 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/02 12:21:34 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2010/05/02 12:14:40 | 000,000,000 | ---D | C] -- F:\Program Files\Bonjour
[2010/04/25 12:44:37 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Dennis\Desktop\New Briefcase
[2010/04/21 20:33:44 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\My Documents\My Garmin
[2010/04/21 16:54:54 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\GARMIN
[2010/04/21 16:54:47 | 000,000,000 | ---D | C] -- F:\Program Files\Garmin GPS Plugin
[2010/04/21 16:54:20 | 000,000,000 | ---D | C] -- F:\Program Files\DIFX
[2010/04/21 16:53:31 | 000,000,000 | ---D | C] -- F:\Program Files\Garmin
[2010/04/17 21:12:16 | 000,000,000 | -H-D | C] -- F:\WINDOWS\ie8
[2010/04/14 17:06:11 | 000,000,000 | ---D | C] -- F:\Program Files\Spybot - Search & Destroy
[2010/04/14 17:06:11 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/04/10 12:32:39 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\avG
[2010/04/09 01:47:01 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
[2010/04/08 19:43:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm
[2010/04/04 17:21:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/30 16:28:21 | 000,000,000 | ---D | C] -- F:\Program Files\VS Revo Group
[2010/03/28 08:32:26 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\xing shared
[2010/03/28 08:28:35 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\SightSpeed
[2010/03/28 08:28:35 | 000,000,000 | ---D | C] -- F:\Program Files\CONEXANT
[2010/03/28 08:28:30 | 000,000,000 | ---D | C] -- F:\Program Files\SightSpeed
[2010/03/28 08:27:28 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\SureThing Shared
[2010/03/28 08:27:19 | 000,000,000 | ---D | C] -- F:\Program Files\InterActual
[2010/03/28 08:27:02 | 000,000,000 | ---D | C] -- F:\Program Files\EA GAMES
[2010/03/27 17:52:04 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Application Data\Auslogics(2)
[2010/03/27 17:30:19 | 000,000,000 | ---D | C] -- F:\Program Files\Auslogics(2)
[2006/08/10 18:43:37 | 000,065,536 | ---- | C] ( ) -- F:\WINDOWS\System32\A3d.dll
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/01 14:14:06 | 000,571,392 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Dennis\My Documents\OTL.exe
[2010/06/01 14:06:15 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/06/01 14:06:15 | 000,000,280 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
[2010/06/01 14:06:10 | 000,000,278 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
[2010/06/01 13:33:59 | 000,007,267 | ---- | M] () -- F:\WINDOWS\System32\Config.MPF
[2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () -- F:\WINDOWS\tasks\IGJJ.job
[2010/06/01 13:33:32 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/06/01 13:33:26 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/06/01 13:32:36 | 006,291,456 | ---- | M] () -- F:\Documents and Settings\Dennis\ntuser.dat
[2010/06/01 13:32:36 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\Dennis\ntuser.ini
[2010/06/01 07:19:46 | 000,000,288 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
[2010/05/31 18:30:29 | 002,275,040 | -H-- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\IconCache.db
[2010/05/31 17:42:54 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
[2010/05/14 15:47:29 | 000,000,483 | ---- | M] () -- F:\WINDOWS\LEXSTAT.INI
[2010/05/13 20:40:16 | 000,077,312 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 08:10:42 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/05/11 07:16:12 | 000,001,127 | ---- | M] () -- F:\WINDOWS\win.ini
[2010/05/11 07:16:12 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010/05/10 09:35:24 | 000,000,671 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/10 08:38:37 | 000,103,784 | ---- | M] () -- F:\Documents and Settings\Dennis\GoToAssistDownloadHelper.exe
[2010/05/10 08:33:53 | 000,000,342 | ---- | M] () -- F:\WINDOWS\tasks\McDefragTask.job
[2010/05/10 08:33:51 | 000,000,320 | ---- | M] () -- F:\WINDOWS\tasks\McQcTask.job
[2010/05/10 08:07:52 | 000,000,472 | ---- | M] () -- F:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/09 16:07:00 | 000,000,286 | ---- | M] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
[2010/05/02 12:22:58 | 000,001,804 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\System32\drivers\mbam.sys
[2010/04/23 19:38:27 | 006,291,456 | ---- | M] () -- F:\Documents and Settings\Dennis\ntuser.bak
[2010/04/23 12:34:01 | 000,000,284 | ---- | M] () -- F:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/10 12:37:48 | 000,014,900 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
[2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () -- F:\WINDOWS\System32\cryptuip.dll
[2010/04/02 12:46:36 | 000,000,661 | ---- | M] () -- F:\Documents and Settings\Dennis\Desktop\Revo Uninstaller.lnk
[2010/03/28 15:14:20 | 000,000,747 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/28 15:12:07 | 000,278,528 | ---- | M] (Real Networks, Inc) -- F:\WINDOWS\System32\pncrt.dll
[2010/03/28 08:43:57 | 000,035,696 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/28 08:34:37 | 000,167,504 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/28 03:21:06 | 000,000,744 | ---- | M] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.html
[2010/03/15 20:28:32 | 000,456,860 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/03/15 20:28:32 | 000,078,408 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/03/15 20:28:31 | 000,545,570 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[1 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/10 09:35:49 | 000,007,267 | ---- | C] () -- F:\WINDOWS\System32\Config.MPF
[2010/05/10 09:35:24 | 000,000,671 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk
[2010/05/10 08:38:36 | 000,103,784 | ---- | C] () -- F:\Documents and Settings\Dennis\GoToAssistDownloadHelper.exe
[2010/05/10 08:33:52 | 000,000,342 | ---- | C] () -- F:\WINDOWS\tasks\McDefragTask.job
[2010/05/10 08:33:51 | 000,000,320 | ---- | C] () -- F:\WINDOWS\tasks\McQcTask.job
[2010/05/02 12:22:58 | 000,001,804 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/15 10:27:53 | 000,000,000 | -H-- | C] () -- F:\Documents and Settings\Dennis\ntuser.rhk.LOG
[2010/04/10 12:31:54 | 000,014,900 | -HS- | C] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
[2010/04/08 19:42:22 | 000,000,310 | -HS- | C] () -- F:\WINDOWS\tasks\IGJJ.job
[2010/04/08 19:42:21 | 000,091,648 | RHS- | C] () -- F:\WINDOWS\System32\cryptuip.dll
[2010/04/02 12:46:36 | 000,000,661 | ---- | C] () -- F:\Documents and Settings\Dennis\Desktop\Revo Uninstaller.lnk
[2010/03/28 15:14:20 | 000,000,747 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk
[2010/03/27 12:43:02 | 000,000,744 | ---- | C] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.html
[2010/03/27 12:07:56 | 000,163,459 | ---- | C] () -- F:\Documents and Settings\Dennis\Local Settings\Application Data\FASTWiz.log
[2010/03/24 22:31:43 | 000,000,278 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
[2010/03/24 22:31:42 | 000,000,286 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
[2010/03/21 09:55:54 | 000,000,288 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
[2010/03/21 09:55:54 | 000,000,280 | ---- | C] () -- F:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
[2009/09/07 11:29:44 | 004,455,865 | ---- | C] () -- F:\WINDOWS\System32\libavcodec.dll
[2009/09/06 10:52:04 | 000,828,611 | ---- | C] () -- F:\WINDOWS\System32\ff_x264.dll
[2009/09/02 16:23:04 | 000,183,296 | ---- | C] () -- F:\WINDOWS\System32\ff_samplerate.dll
[2009/09/02 16:22:58 | 000,178,688 | ---- | C] () -- F:\WINDOWS\System32\ff_libmad.dll
[2009/09/02 16:22:40 | 000,113,152 | ---- | C] () -- F:\WINDOWS\System32\ff_unrar.dll
[2009/09/02 16:22:18 | 000,146,944 | ---- | C] () -- F:\WINDOWS\System32\ff_tremor.dll
[2009/09/02 16:22:10 | 000,257,024 | ---- | C] () -- F:\WINDOWS\System32\ff_libdts.dll
[2009/09/02 16:22:06 | 000,142,848 | ---- | C] () -- F:\WINDOWS\System32\ff_liba52.dll
[2009/09/02 16:22:00 | 000,484,864 | ---- | C] () -- F:\WINDOWS\System32\ff_libfaad2.dll
[2009/09/02 12:45:34 | 000,829,781 | ---- | C] () -- F:\WINDOWS\System32\xvidcore.dll
[2009/09/02 12:38:44 | 000,425,040 | ---- | C] () -- F:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/09/02 12:35:12 | 000,557,003 | ---- | C] () -- F:\WINDOWS\System32\libmplayer.dll
[2009/09/02 12:01:48 | 000,146,098 | ---- | C] () -- F:\WINDOWS\System32\libmpeg2_ff.dll
[2009/08/25 14:07:36 | 000,328,334 | ---- | C] () -- F:\WINDOWS\System32\ff_kernelDeint.dll
[2009/08/21 12:48:29 | 000,000,062 | ---- | C] () -- F:\WINDOWS\st_affiliate.ini
[2009/06/02 13:11:26 | 000,098,304 | ---- | C] () -- F:\WINDOWS\System32\ff_wmv9.dll
[2009/06/02 13:11:16 | 000,085,504 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll
[2009/01/10 18:17:32 | 000,163,840 | ---- | C] () -- F:\WINDOWS\System32\ts.dll
[2009/01/10 18:16:56 | 000,148,480 | ---- | C] () -- F:\WINDOWS\System32\mkx.dll
[2009/01/10 18:16:50 | 000,108,032 | ---- | C] () -- F:\WINDOWS\System32\avi.dll
[2009/01/10 18:16:14 | 000,141,312 | ---- | C] () -- F:\WINDOWS\System32\mp4.dll
[2009/01/10 18:15:54 | 000,120,832 | ---- | C] () -- F:\WINDOWS\System32\ogm.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- F:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 18:15:32 | 000,102,400 | ---- | C] () -- F:\WINDOWS\System32\avss.dll
[2009/01/10 18:15:28 | 000,246,784 | ---- | C] () -- F:\WINDOWS\System32\dxr.dll
[2009/01/10 18:15:12 | 000,097,280 | ---- | C] () -- F:\WINDOWS\System32\avs.dll
[2009/01/10 18:14:08 | 000,079,360 | ---- | C] () -- F:\WINDOWS\System32\mkzlib.dll
[2009/01/10 18:14:06 | 000,023,552 | ---- | C] () -- F:\WINDOWS\System32\mkunicode.dll
[2008/12/03 18:11:50 | 000,180,224 | ---- | C] () -- F:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 000,000,416 | ---- | C] () -- F:\WINDOWS\System32\dtu100.dll.manifest
[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- F:\WINDOWS\System32\Registration.ini
[2007/09/02 15:59:30 | 000,001,576 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2007/08/25 21:23:13 | 000,215,144 | R--- | C] () -- F:\WINDOWS\patchw32.dll
[2007/08/25 21:21:53 | 000,215,144 | R--- | C] () -- F:\WINDOWS\pw32a.dll
[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- F:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/06/14 18:56:26 | 000,000,137 | ---- | C] () -- F:\WINDOWS\System32\MRT.INI
[2007/04/19 09:44:16 | 000,000,000 | ---- | C] () -- F:\WINDOWS\System32\px.ini
[2006/09/19 20:27:16 | 000,000,699 | ---- | C] () -- F:\WINDOWS\cdplayer.ini
[2006/09/04 09:15:47 | 000,143,384 | ---- | C] () -- F:\WINDOWS\System32\CSGina.dll
[2006/08/15 10:54:59 | 000,000,737 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2006/08/11 10:52:34 | 000,000,483 | ---- | C] () -- F:\WINDOWS\LEXSTAT.INI
[2006/08/11 10:51:33 | 000,000,188 | ---- | C] () -- F:\WINDOWS\System32\lxbacoin.ini
[2006/08/11 10:51:21 | 000,077,824 | ---- | C] () -- F:\WINDOWS\System32\LXBALCNP.DLL
[2006/08/10 18:44:14 | 000,000,231 | ---- | C] () -- F:\WINDOWS\AC3API.INI
[2006/08/10 18:43:38 | 000,047,616 | ---- | C] () -- F:\WINDOWS\System32\P16X.dll
[2006/08/10 18:43:38 | 000,002,092 | ---- | C] () -- F:\WINDOWS\System32\P16X.ini
[2006/08/10 18:43:38 | 000,000,026 | ---- | C] () -- F:\WINDOWS\System32\ctzapxx.ini
[2006/08/10 18:43:35 | 000,006,175 | ---- | C] () -- F:\WINDOWS\MIXDEF.INI
[2006/08/10 18:43:35 | 000,005,917 | ---- | C] () -- F:\WINDOWS\SBMIXDEF.INI
[2006/08/10 18:43:34 | 000,000,064 | ---- | C] () -- F:\WINDOWS\P16x.ini
[2006/08/10 18:42:55 | 000,000,245 | ---- | C] () -- F:\WINDOWS\SBWIN.INI
[2006/08/10 18:34:53 | 000,012,288 | ---- | C] () -- F:\WINDOWS\System32\e100bmsg.dll
[2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- F:\WINDOWS\System32\libeay32.dll
[2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- F:\WINDOWS\System32\ssleay32.dll
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- F:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 00:00:00 | 000,022,016 | ---- | C] () -- F:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 00:00:00 | 000,012,288 | ---- | C] () -- F:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/04/10 12:32:39 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\avG
[2010/05/10 08:44:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Citrix
[2010/04/21 16:54:54 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\GARMIN
[2007/04/27 17:45:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\Napster
[2009/08/26 14:51:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/26 14:26:42 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/27 09:46:03 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/17 17:39:32 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/04 17:23:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 20:36:05 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/09 01:47:01 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
[2009/04/11 13:02:08 | 000,000,000 | ---D | M] -- F:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/24 10:11:20 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Aim
[2010/03/28 08:26:48 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Auslogics(2)
[2009/03/19 17:25:43 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Firaxis Games
[2010/04/21 20:39:06 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\GARMIN
[2009/03/09 18:51:45 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\IObit
[2007/05/09 17:13:23 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\iolo
[2009/03/18 13:25:21 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\My Games
[2009/04/13 12:40:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Uniblue
[2009/12/28 17:09:40 | 000,000,000 | ---D | M] -- F:\Documents and Settings\Dennis\Application Data\Windows Search
[2010/05/10 08:07:52 | 000,000,472 | ---- | M] () -- F:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () -- F:\WINDOWS\Tasks\IGJJ.job
[2010/05/10 08:33:53 | 000,000,342 | ---- | M] () -- F:\WINDOWS\Tasks\McDefragTask.job
[2010/05/10 08:33:51 | 000,000,320 | ---- | M] () -- F:\WINDOWS\Tasks\McQcTask.job
[2010/05/31 17:42:54 | 000,000,424 | -H-- | M] () -- F:\WINDOWS\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
[2009/05/18 15:14:11 | 000,000,466 | ---- | M] () -- F:\WINDOWS\Tasks\Wise Registry Cleaner 4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- F:\StubInstaller.exe


< MD5 for: AGP440.SYS >
[2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- F:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/09/03 15:56:52 | 010,158,890 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/08/10 19:50:19 | 022,245,337 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/08/15 20:11:31 | 023,852,652 | ---- | M] () .cab file -- F:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/09/03 15:33:39 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- F:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- F:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- F:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () Unable to obtain MD5 -- F:\WINDOWS\system32\cryptuip.dll

< %systemroot%\Tasks\*.job /lockedfiles >
[2010/06/01 13:33:32 | 000,000,310 | -HS- | M] () Unable to obtain MD5 -- F:\WINDOWS\Tasks\IGJJ.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/08/10 14:14:40 | 000,094,208 | ---- | M] () -- F:\WINDOWS\system32\config\default.sav
[2006/08/10 14:14:40 | 000,626,688 | ---- | M] () -- F:\WINDOWS\system32\config\software.sav
[2006/08/10 14:14:40 | 000,434,176 | ---- | M] () -- F:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- F:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> F:\Documents and Settings\Dennis\My Documents\Untitled.rcl:Roxio EMC Stream
@Alternate Data Stream - 125 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 124 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
@Alternate Data Stream - 103 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:C895616B
< End of report >


OTL Extras logfile created on: 6/1/2010 2:16:53 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = F:\Documents and Settings\Dennis\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 193.00 Mb Available Physical Memory | 38.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): F:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 74.46 Gb Total Space | 12.32 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 372.60 Gb Total Space | 245.73 Gb Free Space | 65.95% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Dennis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4148:TCP" = 4148:TCP:*:Enabled:Services
"2640:TCP" = 2640:TCP:*:Enabled:Services
"2070:TCP" = 2070:TCP:*:Enabled:Services
"7961:TCP" = 7961:TCP:*:Enabled:Services
"7962:TCP" = 7962:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"990:TCP" = 990:TCP:*:Enabled:phone
"999:TCP" = 999:TCP:*:Enabled:phone
"5678:TCP" = 5678:TCP:*:Enabled:phone
"5679:UDP" = 5679:UDP:*:Enabled:phone
"5721:TCP" = 5721:TCP:*:Enabled:phone
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2479:TCP" = 2479:TCP:*:Enabled:Services
"3246:TCP" = 3246:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"4148:TCP" = 4148:TCP:*:Enabled:Services
"2640:TCP" = 2640:TCP:*:Enabled:Services
"2070:TCP" = 2070:TCP:*:Enabled:Services
"7961:TCP" = 7961:TCP:*:Enabled:Services
"7962:TCP" = 7962:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\GameSpy Arcade\Aphex.exe" = F:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade -- File not found
"F:\WINDOWS\system32\wjview.exe" = F:\WINDOWS\system32\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" = F:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe:*:Enabled:RoxMMTrayApp Module -- (Sonic Solutions)
"F:\Program Files\QuickTime\QuickTimePlayer.exe" = F:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player -- (Apple Inc.)
"F:\Documents and Settings\Dennis\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = F:\Documents and Settings\Dennis\Application Data\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"F:\Program Files\Real\realplay.exe" = F:\Program Files\Real\realplay.exe:*:Enabled:RealPlayer -- File not found
"F:\Program Files\SightSpeed\SightSpeed.exe" = F:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- (SightSpeed Inc.)
"F:\WINDOWS\system32\mmc.exe" = F:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"F:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = F:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- File not found
"F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = F:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio RecordNow Tools
"{0D330013-4A99-46D6-83C6-2C959C68DBFF}" = Roxio DVD Info Pro
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio RecordNow Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio RecordNow Copy
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E2B7A41-5ACC-4797-95C7-2BE64388028B}" = Garmin City Navigator North America NT 2010.10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
"{79922D4F-BF47-42A2-902E-EF81B7A3750D}" = Roxio XingTones
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio RecordNow Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Atlantis
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5467B7C-C929-4C1A-B4E9-E7C376E2DF08}" = Roxio SightSpeed
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200214F1" = SoftV92 Data Fax Modem
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.0
"Creative Jukebox Driver" = Creative Jukebox Driver
"CSCLIB" = Canon Camera Support Core Library
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"IGN Download Manager" = IGN Download Manager 2.2.2
"InstallShield_{9ED6519B-324A-4C66-98EE-E3F54281BA78}" = Dell Movie Studio Diagnostics
"Lexmark X5100 Series" = Lexmark X5100 Series
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.85
"SightSpeed" = SightSpeed
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SystemRequirementsLab" = System Requirements Lab
"VisiPics_is1" = VisiPics V1.30
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.21
"Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 8.3
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/9/2010 6:36:17 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 6:42:35 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 6:43:44 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 6:55:24 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 8:26:21 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 8:29:09 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/9/2010 8:31:37 PM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/10/2010 6:48:28 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/10/2010 7:19:21 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 5/10/2010 7:49:14 AM | Computer Name = HOME | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

[ System Events ]
Error - 5/2/2010 10:30:35 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/2/2010 10:32:00 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 5/2/2010 12:34:55 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/2/2010 5:45:51 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/2/2010 8:46:25 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/2/2010 8:47:20 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 5/3/2010 11:32:41 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/3/2010 6:07:20 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747

Error - 5/4/2010 11:25:43 AM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0007E967CA23 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/4/2010 11:26:04 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = The IPSEC Services service terminated with the following error: %%1747


< End of report >
 

Attachments

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

You are still badly infected, please do the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2010/04/08 19:43:09 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm
    [2010/04/10 12:37:48 | 000,014,900 | -HS- | M] () -- F:\Documents and Settings\All Users\Application Data\5gQ6x4F
    [2010/04/08 19:42:21 | 000,091,648 | RHS- | M] () -- F:\WINDOWS\System32\cryptuip.dll
    [2010/04/08 19:42:22 | 000,000,310 | -HS- | C] () -- F:\WINDOWS\tasks\IGJJ.job
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT


Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.

Double click the file to run it and follow any prompts.

If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.

Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.

Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.

Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !

When it completes, a log will open.

Please post the contents of that log.


**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
F:\Documents and Settings\Dennis\Local Settings\Application Data\veijfrchm folder moved successfully.
F:\Documents and Settings\All Users\Application Data\5gQ6x4F moved successfully.
F:\WINDOWS\system32\cryptuip.dll moved successfully.
File F:\Documents and Settings\All Users\Application Data\5gQ6x4F not found.
F:\WINDOWS\tasks\IGJJ.job moved successfully.
========== COMMANDS ==========
F:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User

User: Dennis
->Flash cache emptied: 7990 bytes

User: Guest
->Flash cache emptied: 15066 bytes

User: HelpAssistant
->Flash cache emptied: 97332 bytes

User: Kathy
->Flash cache emptied: 64686 bytes

User: LocalService

User: Mark
->Flash cache emptied: 11669 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 33170 bytes

User: Dennis
->Temp folder emptied: 4133691 bytes
->Temporary Internet Files folder emptied: 83098891 bytes
->Java cache emptied: 162285 bytes
->FireFox cache emptied: 1492544 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 1857136 bytes
->Temporary Internet Files folder emptied: 1050705761 bytes
->Java cache emptied: 1134232 bytes
->FireFox cache emptied: 24910243 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 44871972 bytes
->Temporary Internet Files folder emptied: 487344645 bytes
->Java cache emptied: 4232673 bytes
->FireFox cache emptied: 16356326 bytes
->Flash cache emptied: 0 bytes

User: Kathy
->Temp folder emptied: 2855187 bytes
->Temporary Internet Files folder emptied: 156051538 bytes
->Java cache emptied: 232449 bytes
->FireFox cache emptied: 12337045 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 327881 bytes

User: Mark
->Temp folder emptied: 19456 bytes
->Temporary Internet Files folder emptied: 344358 bytes
->Java cache emptied: 2695403 bytes
->FireFox cache emptied: 84047080 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 550921 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2407781 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32969 bytes
RecycleBin emptied: 31428932 bytes

Total Files Cleaned = 1,920.00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 06012010_171136

Files\Folders moved on Reboot...
F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\UWFCIRVW\md[1].htm moved successfully.
F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\MMZCWMG0\welcome[2].htm moved successfully.
F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\M481UE8F\aceUAC[1].htm moved successfully.
F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\M481UE8F\st[1] moved successfully.
F:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder F:\WINDOWS\temp\mcmsc_aTerPleBRmYOTOu not found!
File\Folder F:\WINDOWS\temp\mcmsc_sSCfNl4UXhGc9bo not found!

Registry entries deleted on Reboot...


--------------------------------------------
F:\Documents and Settings\Dennis\My Documents\HelpAsst_mebroot_fix.exe
Tue 06/01/2010 at 17:29:14.92

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: F:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"3389:TCP"=-
"4148:TCP"=-
"2640:TCP"=-
"2070:TCP"=-
"7961:TCP"=-
"7962:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2479:TCP"=-
"3246:TCP"=-
"3389:TCP"=-
"4148:TCP"=-
"2640:TCP"=-
"2070:TCP"=-
"7961:TCP"=-
"7962:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-1659004503-448539723-682003330-1000
HelpAssistant profile directory exists at F:\Documents and Settings\HelpAssistant ~ attempting to remove
~ All F:\Documents and Settings\HelpAssistant files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82d32008
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82341440
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x02E933E00
malicious code @ sector 0x02E933E03 !
PE file found in sector at 0x02E933E19 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82d32008
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x82341440
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x02E933E00
malicious code @ sector 0x02E933E03 !
PE file found in sector at 0x02E933E19 !
Use "Recovery Console" command "fixmbr" to clear infection !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on Tue 06/01/2010 at 17:55:11.90

Account active No
Local Group Memberships *Administrators

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x02E933E00
malicious code @ sector 0x02E933E03 !
PE file found in sector at 0x02E933E19 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Good,

Please do the following:


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Ok here's the last:

ComboFix 10-06-02.04 - Dennis 06/03/2010 13:52:29.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.237 [GMT -4:00]
Running from: f:\documents and settings\Dennis\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Dennis\GoToAssistDownloadHelper.exe
f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}
f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome.manifest
f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome\content\_cfg.js
f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\chrome\content\overlay.xul
f:\documents and settings\Dennis\Local Settings\Application Data\{E80C8EE3-AD43-423B-B353-96EF0434AF9E}\install.rdf
f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}
f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome.manifest
f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome\content\_cfg.js
f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\chrome\content\overlay.xul
f:\documents and settings\Kathy\Local Settings\Application Data\{B6DAC2E4-DE7F-421F-BEB8-841B7FB0FE92}\install.rdf
f:\windows\system32\_000005_.tmp.dll
f:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))
.

2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
2010-05-10 13:30 . 2010-06-02 22:55 -------- d-----w- f:\program files\McAfee
2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-03 17:39 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
2010-04-04 21:23 . 2010-04-04 21:21 -------- d-----w- f:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 21:12 . 2006-08-11 00:43 -------- d-----w- f:\program files\QuickTime
2010-04-04 20:47 . 2006-08-11 14:34 -------- d-----w- f:\documents and settings\Dennis\Application Data\Apple Computer
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxLiveShare9"=3 (0x3)
"Bonjour Service"=2 (0x2)
"aawservice"=3 (0x3)
"stllssvr"=3 (0x3)
"gusvc"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"magaService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"CCALib8"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\wjview.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
"f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\WINDOWS\\system32\\LEXPPS.EXE"=
"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:phone
"999:TCP"= 999:TCP:phone
"5678:TCP"= 5678:TCP:phone
"5679:UDP"= 5679:UDP:phone
"5721:TCP"= 5721:TCP:phone

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2010-05-10 f:\windows\Tasks\McDefragTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-05-10 f:\windows\Tasks\McQcTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-06-03 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-03 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-01 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-03 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
- f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
- f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-aawservice
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-PC Connection Agent - f:\progra~1\MICROS~3\wcescomm.exe
MSConfigStartUp-Mpijomini - f:\windows\ibolatiwo.dll
MSConfigStartUp-swg - f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-IGN Download Manager - f:\program files\IGN\Download Manager\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 14:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
Completion time: 2010-06-03 14:06:30
ComboFix-quarantined-files.txt 2010-06-03 18:06

Pre-Run: 265,504,768,000 bytes free
Post-Run: 265,559,855,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 99395A87FFA59B1DE7167F09A30D3461
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/4/2010 1:29:26 PM
mbam-log-2010-06-04 (13-29-26).txt

Scan type: Quick scan
Objects scanned: 148822
Time elapsed: 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Infected: Friday, June 04, 2010 12:23:03
Records in database: 4199309
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 219815
Threats found: 5
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 09:30:21


File name / Threat / Threats count
C:\Documents and Settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Bagle.bn 1
C:\Documents and Settings\Mark\Shared\01 Track 1.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Mark\Shared\06 Track 6.wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\WINDOWS\syswast.exe Infected: Trojan-Downloader.Win32.VB.ah 1
F:\Documents and Settings\Dennis\My Documents\Downloads\WRC4Free.exe Infected: Virus.Win32.Induc.a 1
F:\Program Files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c 1

Selected area has been scanned.
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
KillAll::
File::
C:\Documents and Settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx 
C:\Documents and Settings\Mark\Shared\01 Track 1.wma 
C:\Documents and Settings\Mark\Shared\06 Track 6.wma 
C:\WINDOWS\syswast.exe 
F:\Documents and Settings\Dennis\My Documents\Downloads\WRC4Free.exe 
F:\Program Files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe
Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Note: Allow ComboFix to update is it asks to do so:

NEXT


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 20 and save it to your desktop.
  • Scroll down to where it says JDK 6 Update 20 (JDK or JRE)
  • Click the Download JRE button to the right
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked

      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


NEXT

Visit ADOBEand download the latest version of Acrobat Reader (version 9.3)
Having the latest updates ensures there are no security vulnerabilities in your system.
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
ComboFix 10-06-03.01 - Dennis 06/05/2010 13:45:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.274 [GMT -4:00]
Running from: f:\documents and settings\Dennis\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-05 01:09 . 2010-06-05 01:09 -------- d-----w- f:\windows\LastGood
2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
2010-05-10 13:30 . 2010-06-05 01:09 -------- d-----w- f:\program files\McAfee
2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 00:40 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((( [email protected]_18.02.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-10 22:25 . 2010-06-05 15:53 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-08-10 22:25 . 2010-06-03 17:41 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-06-04 00:46 . 2010-06-05 15:53 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-08-10 22:25 . 2010-06-03 17:41 32768 f:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 20:45 313472 ----a-r- f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxLiveShare9"=3 (0x3)
"Bonjour Service"=2 (0x2)
"aawservice"=3 (0x3)
"stllssvr"=3 (0x3)
"gusvc"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"magaService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"CCALib8"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\wjview.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
"f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\WINDOWS\\system32\\LEXPPS.EXE"=
"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:phone
"999:TCP"= 999:TCP:phone
"5678:TCP"= 5678:TCP:phone
"5679:UDP"= 5679:UDP:phone
"5721:TCP"= 5721:TCP:phone

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2010-05-10 f:\windows\Tasks\McDefragTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-05-10 f:\windows\Tasks\McQcTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-06-04 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-04 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-04 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-05 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
- f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
- f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3996)
f:\windows\system32\WININET.dll
f:\program files\McAfee\SiteAdvisor\saHook.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-06-05 13:59:56
ComboFix-quarantined-files.txt 2010-06-05 17:59
ComboFix2.txt 2010-06-03 18:06

Pre-Run: 265,650,061,312 bytes free
Post-Run: 265,761,738,752 bytes free

- - End Of File - - 06219A0FB9272CF709530123DCA9FC76
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Hi,

the ComboFix scan didn't run from the script

make sure the script is saved to your desktop, make certain it is named CFScript.txt then do the following:

Go to Start > Run > copy/paste the following into the open run box > press OK

"%userprofile%\desktop\combofix.exe" "%userprofile%\Desktop\CFScript.txt"
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Ok sorry thought I had it..here's the new one:

ComboFix 10-06-05.02 - Dennis 06/06/2010 9:09.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.300 [GMT -4:00]
Running from: f:\documents and settings\Dennis\desktop\combofix.exe
Command switches used :: f:\documents and settings\Dennis\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx"
"c:\documents and settings\Mark\Shared\01 Track 1.wma"
"c:\documents and settings\Mark\Shared\06 Track 6.wma"
"c:\windows\syswast.exe"
"f:\documents and settings\Dennis\My Documents\Downloads\WRC4Free.exe"
"f:\program files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kathy\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx
c:\documents and settings\Mark\Shared\01 Track 1.wma
c:\documents and settings\Mark\Shared\06 Track 6.wma
c:\windows\syswast.exe
f:\documents and settings\Dennis\My Documents\Downloads\WRC4Free.exe
f:\program files\LimeWire\3.8.7\LimeWireWin3.87.0000.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-05 18:31 . 2010-02-01 01:45 38784 ----a-w- f:\documents and settings\Dennis\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-05 18:29 . 2010-06-05 18:30 -------- d-----w- f:\program files\Common Files\Adobe
2010-06-05 18:26 . 2010-06-05 18:26 -------- d-----w- f:\program files\Common Files\Adobe AIR
2010-06-05 18:24 . 2010-06-05 18:24 86016 ----a-w- f:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-05 18:24 . 2010-06-06 12:45 -------- d-----w- f:\documents and settings\All Users\Application Data\NOS
2010-06-05 18:19 . 2010-06-05 18:19 -------- d-----w- f:\program files\Common Files\Java
2010-06-05 18:19 . 2010-06-05 18:19 503808 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\msvcp71.dll
2010-06-05 18:19 . 2010-06-05 18:19 499712 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\jmc.dll
2010-06-05 18:19 . 2010-06-05 18:19 61440 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47886efb-n\decora-sse.dll
2010-06-05 18:19 . 2010-06-05 18:19 348160 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4786c176-n\msvcr71.dll
2010-06-05 18:19 . 2010-06-05 18:19 12800 ----a-w- f:\documents and settings\Dennis\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47886efb-n\decora-d3d.dll
2010-06-05 18:18 . 2010-06-05 18:18 411368 ----a-w- f:\windows\system32\deployJava1.dll
2010-06-01 21:29 . 2010-06-01 21:29 -------- d-----w- F:\HelpAsst_backup
2010-06-01 21:11 . 2010-06-01 21:11 -------- d-----w- F:\_OTL
2010-05-10 13:35 . 2010-05-10 13:35 -------- d-----w- f:\documents and settings\All Users\Application Data\SiteAdvisor
2010-05-10 13:31 . 2010-02-17 20:52 40552 ----a-w- f:\windows\system32\drivers\mfesmfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 79816 ----a-w- f:\windows\system32\drivers\mfeavfk.sys
2010-05-10 13:31 . 2010-02-17 20:52 35272 ----a-w- f:\windows\system32\drivers\mfebopk.sys
2010-05-10 13:31 . 2009-07-16 16:32 120136 ----a-w- f:\windows\system32\drivers\Mpfp.sys
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\Common Files\McAfee
2010-05-10 13:30 . 2010-05-10 13:31 -------- d-----w- f:\program files\McAfee.com
2010-05-10 13:30 . 2010-06-06 12:51 -------- d-----w- f:\program files\McAfee
2010-05-10 13:26 . 2010-02-17 20:52 34248 ----a-w- f:\windows\system32\drivers\mferkdk.sys
2010-05-10 13:18 . 2010-05-10 17:34 -------- d-----w- f:\documents and settings\All Users\Application Data\McAfee
2010-05-10 12:44 . 2010-05-10 12:44 -------- d-----w- f:\documents and settings\All Users\Application Data\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\program files\Citrix
2010-05-10 12:38 . 2010-05-10 12:38 -------- d-----w- f:\documents and settings\Dennis\Local Settings\Application Data\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 12:59 . 2006-08-11 14:47 -------- d-----w- f:\program files\Google
2010-06-05 18:18 . 2006-08-13 21:23 -------- d-----w- f:\program files\Java
2010-06-04 00:40 . 2008-08-16 14:40 -------- d-----w- f:\program files\Microsoft Silverlight
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\program files\Spybot - Search & Destroy
2010-05-10 12:58 . 2010-04-14 21:06 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-10 12:56 . 2006-08-12 02:36 -------- d-----w- f:\program files\Lavasoft
2010-05-10 12:56 . 2007-06-10 14:17 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
2010-05-10 11:23 . 2009-11-04 00:39 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-05-02 16:22 . 2006-08-11 00:41 -------- d-----w- f:\program files\iTunes
2010-05-02 16:21 . 2010-05-02 16:21 -------- d-----w- f:\program files\iPod
2010-05-02 16:21 . 2007-07-08 13:34 -------- d-----w- f:\program files\Common Files\Apple
2010-05-02 16:14 . 2010-05-02 16:14 -------- d-----w- f:\program files\Bonjour
2010-05-02 16:11 . 2010-05-02 16:11 73000 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-29 19:39 . 2009-11-04 00:39 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-11-04 00:39 20952 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-04-24 14:36 . 2010-04-21 20:53 -------- d-----w- f:\program files\Garmin
2010-04-22 00:39 . 2009-12-28 21:09 -------- d-----w- f:\documents and settings\Dennis\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\documents and settings\All Users\Application Data\GARMIN
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\Garmin GPS Plugin
2010-04-21 20:54 . 2010-04-21 20:54 -------- d-----w- f:\program files\DIFX
2010-04-19 18:11 . 2009-04-14 16:54 -------- d-----w- f:\program files\Wise Registry Cleaner
2010-04-10 16:32 . 2010-04-10 16:32 -------- d-----w- f:\documents and settings\All Users\Application Data\avG
2010-04-09 13:01 . 2006-09-12 01:43 35696 ----a-w- f:\documents and settings\Kathy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-09 05:47 . 2010-04-09 05:47 -------- dc----w- f:\documents and settings\All Users\Application Data\{88078557-37D5-402B-8B75-49F162ECEDBD}
2010-04-09 05:46 . 2010-04-09 05:46 -------- d-----w- f:\documents and settings\Kathy\Application Data\Fighters
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- f:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- f:\windows\system32\dns-sd.exe
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-28 19:14 . 2010-03-28 19:14 45056 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-28 19:14 . 2010-03-28 19:14 49152 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-28 19:14 . 2010-03-28 19:14 308808 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-28 19:14 . 2010-03-28 19:14 14848 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-28 19:14 . 2010-03-28 19:14 40960 ----a-w- f:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-28 19:12 . 2003-03-19 03:14 499712 ----a-w- f:\windows\system32\msvcp71.dll
2010-03-28 19:08 . 2010-03-28 19:08 734728 ----a-w- f:\documents and settings\Dennis\Application Data\Real\RealPlayer\setup\AU_setup13.exe
2010-03-28 12:43 . 2006-08-11 00:34 35696 ----a-w- f:\documents and settings\Dennis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-19 23:19 . 2010-03-10 15:38 439816 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\setup.exe
2010-03-19 23:14 . 2010-03-19 23:14 20841968 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-19 23:14 . 2010-03-19 23:14 8405312 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 149000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 10309448 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 181768 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-19 23:13 . 2010-03-19 23:13 283280 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-19 23:13 . 2010-03-19 23:13 79368 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-19 23:12 . 2010-03-19 23:12 64000 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-19 23:12 . 2010-03-19 23:12 52288 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 50688 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-19 23:12 . 2010-03-19 23:12 49152 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-19 23:12 . 2010-03-19 23:12 118784 ----a-w- f:\documents and settings\Dennis\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- f:\windows\system32\vbscript.dll
2003-08-27 18:19 . 2006-08-11 15:51 36963 ----a-r- f:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="f:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="f:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-28 202256]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-04-13 06:29 47392 ----a-w- f:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- f:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- f:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2007-04-02 10:24 113400 ----a-w- f:\program files\Roxio\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 15:50 205480 ----a-w- f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- f:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
2003-03-04 12:49 86100 ------w- f:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
2010-02-11 16:36 1218008 ----a-w- f:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 19:01 13529088 ----a-w- f:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 19:01 86016 ----a-w- f:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 19:01 1630208 ----a-w- f:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-04-10 00:50 228088 ----a-w- f:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 18:20 94208 ----a-r- f:\windows\SM1bg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-28 19:11 202256 ----a-w- f:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxLiveShare9"=3 (0x3)
"Bonjour Service"=2 (0x2)
"aawservice"=3 (0x3)
"stllssvr"=3 (0x3)
"gusvc"=3 (0x3)
"RoxMediaDB9"=3 (0x3)
"Roxio Upnp Server 9"=3 (0x3)
"Roxio UPnP Renderer 9"=3 (0x3)
"magaService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"Creative Service for CDROM Access"=3 (0x3)
"CCALib8"=3 (0x3)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\WINDOWS\\system32\\wjview.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Common Files\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe"=
"f:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"f:\\Documents and Settings\\Dennis\\Application Data\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"f:\\WINDOWS\\system32\\LEXPPS.EXE"=
"f:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"f:\\WINDOWS\\system32\\mmc.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"990:TCP"= 990:TCP:phone
"999:TCP"= 999:TCP:phone
"5678:TCP"= 5678:TCP:phone
"5679:UDP"= 5679:UDP:phone
"5721:TCP"= 5721:TCP:phone

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;f:\program files\McAfee\SiteAdvisor\McSACore.exe [5/10/2010 9:35 AM 203280]
S0 Lbd;Lbd;f:\windows\system32\DRIVERS\Lbd.sys --> f:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);f:\program files\Google\Update\GoogleUpdate.exe [6/6/2010 8:59 AM 136176]
S4 magaService;Lan Discover Agent;f:\program files\Sygate\SSA\maga\maga.exe --> f:\program files\Sygate\SSA\maga\maga.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-23 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]

2010-06-06 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 12:59]

2010-06-06 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 12:59]

2010-05-10 f:\windows\Tasks\McDefragTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-05-10 f:\windows\Tasks\McQcTask.job
- f:\progra~1\mcafee\mqc\QcConsol.exe [2010-05-10 16:22]

2010-06-06 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-06 f:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-04 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1003.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-05-09 f:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-448539723-682003330-1004.job
- f:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-06-06 f:\windows\Tasks\User_Feed_Synchronization-{1AC12276-8C6C-4AA6-B1B7-48512FA3311C}.job
- f:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-05-18 f:\windows\Tasks\Wise Registry Cleaner 4.job
- f:\program files\Wise Registry Cleaner\WiseRegistryCleaner.exe [2009-04-14 18:55]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - f:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://f:\windows\Java\classes\dajava.cab
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-updateMgr - f:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1659004503-448539723-682003330-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3900)
f:\windows\system32\WININET.dll
f:\program files\McAfee\SiteAdvisor\saHook.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\mshtml.dll
f:\windows\system32\msls31.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\progra~1\McAfee\MSC\mcmscsvc.exe
f:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
f:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
f:\progra~1\McAfee\VirusScan\mcshield.exe
f:\program files\McAfee\MPF\MPFSrv.exe
f:\windows\System32\MsPMSPSv.exe
f:\progra~1\mcafee.com\agent\mcagent.exe
f:\windows\system32\LEXBCES.EXE
f:\windows\system32\LEXPPS.EXE
.
**************************************************************************
.
Completion time: 2010-06-06 09:36:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 13:36
ComboFix2.txt 2010-06-05 17:59
ComboFix3.txt 2010-06-03 18:06

Pre-Run: 265,111,216,128 bytes free
Post-Run: 265,081,155,584 bytes free

- - End Of File - - DD1E16D7E4D6122B186549A50EE82C33
 

CatByte

Malware Specialist
Joined
Feb 24, 2009
Messages
3,930
Good did you update Java and Adobe?

How is the computer running?

If there are no other issues, we just need to do some housekeeping now:

Please do the following:


Go to Start > Run > copy/paste the bolded command into the run box > OK

helpasst -cleanup



NEXT

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.




NEXT

Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.


If any logs/tools remain on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them

    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.



    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox, IE and chrome.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
 

BigDude3

Thread Starter
Joined
Dec 6, 2006
Messages
34
Computer is running better (faster) than it has in a long time..without the stutters and hangups I had before as well. It was worth the wait!! Adobe and Java have been updated. Thanks for you professionalism and knowledge. I appreciate it.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top