rainyupa
Members-
Posts
9 -
Joined
-
Last visited
Reputation
0 Neutral-
Yet another XP Anti-Virus 2011 thread?
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{486B7748-0603-45A6-939B-027D9769CF5D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{486B7748-0603-45A6-939B-027D9769CF5D}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_USERS\S-1-5-21-948422672-219129953-2867573497-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupportCenter deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ Lite deleted successfully. Registry value HKEY_USERS\S-1-5-21-948422672-219129953-2867573497-1005\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupportCenter deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digeste.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\iifGVmJd deleted successfully. C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 moved successfully. C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 100582 bytes ->Flash cache emptied: 6098 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Robert K Bowers II ->Temp folder emptied: 398181328 bytes ->Temporary Internet Files folder emptied: 9772329 bytes ->Java cache emptied: 61319910 bytes ->FireFox cache emptied: 107527051 bytes ->Flash cache emptied: 1776764 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 99840 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 939707 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 842524 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 554.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03302011_084734 Files\Folders moved on Reboot... Registry entries deleted on Reboot... -
Yet another XP Anti-Virus 2011 thread?
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
OTL.Txt OTL logfile created on: 3/27/2011 7:46:10 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert K Bowers II\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 22.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free Paging file location(s): C:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 1.27 Gb Free Space | 2.28% Space Free | Partition Type: NTFS Computer Name: ROBERT | User Name: Robert K Bowers II | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/27 19:44:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe PRC - [2011/03/05 17:42:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe PRC - [2011/01/17 17:15:32 | 000,822,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe PRC - [2009/05/26 10:38:57 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe PRC - [2008/11/06 13:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe PRC - [2008/06/13 12:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\SYSTEM32\lxdxcoms.exe PRC - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxserv.exe PRC - [2007/07/25 16:06:30 | 002,027,792 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2007/07/25 16:02:54 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2007/07/25 16:02:32 | 000,403,728 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/06/21 13:16:10 | 001,075,200 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2006/06/21 13:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe PRC - [2006/04/14 23:05:00 | 000,098,192 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla.org\Mozilla\mozilla.exe PRC - [2005/12/10 01:24:29 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe ========== Modules (SafeList) ========== MOD - [2011/03/27 19:44:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll MOD - [2007/07/20 00:40:36 | 000,113,176 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp) SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device) SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService) SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2002/10/10 05:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel® ========== Driver Services (SafeList) ========== DRV - [2010/12/20 19:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek) DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk) DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk) DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp) DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk) DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet) DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k) DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids) DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk) DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys -- (LVMVDrv) DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys -- (LVcKap) DRV - [2007/07/18 20:44:22 | 003,599,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC) DRV - [2007/07/18 20:44:22 | 000,022,296 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys -- (FilterService) DRV - [2007/07/18 20:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/07/18 20:42:28 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys -- (lvpopflt) DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv) DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) DRV - [2006/05/19 17:16:24 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) DRV - [2006/05/19 17:16:24 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2004/08/04 02:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum) DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4) DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3) DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4) DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3) DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1) DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0) DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0) DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1) DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2) DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf) DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP) DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM) DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k) DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv) DRV - [2003/05/20 01:21:33 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp) DRV - [2003/05/20 01:21:33 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k) DRV - [2003/05/20 01:21:33 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K) DRV - [2003/05/20 01:21:33 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K) DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp) DRV - [2002/10/10 05:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG) DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost; IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost; IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-948422672-219129953-2867573497-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp IE - HKU\S-1-5-21-948422672-219129953-2867573497-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-948422672-219129953-2867573497-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-948422672-219129953-2867573497-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost; ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/23 17:08:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/09/02 22:13:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/03/02 10:54:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2010/09/02 22:13:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2011/03/02 10:54:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:15:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 17:43:05 | 000,000,000 | ---D | M] [2008/11/25 17:38:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Extensions [2010/06/07 07:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Firefox\Profiles\zrddxv3y.default\extensions [2008/11/25 17:38:58 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Firefox\Profiles\zrddxv3y.default\searchplugins\siteadvisor.xml [2011/03/27 17:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/06 23:08:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/09 17:45:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/19 21:44:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2009/11/04 18:27:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/03/23 17:08:59 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll [2008/03/16 18:33:58 | 000,806,912 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npActiveGS.dll [2007/04/08 20:51:06 | 000,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll Hosts file not found O2 - BHO: (no name) - {486B7748-0603-45A6-939B-027D9769CF5D} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106171115.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DellSupportCenter] File not found O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd) O4 - HKLM..\Run: [iCQ Lite] File not found O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe () O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation) O4 - HKU\S-1-5-18..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation) O4 - HKU\S-1-5-21-948422672-219129953-2867573497-1005..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC) O4 - HKU\S-1-5-21-948422672-219129953-2867573497-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKU\S-1-5-21-948422672-219129953-2867573497-1005..\Run: [DellSupportCenter] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O15 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-948422672-219129953-2867573497-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1077493925265 (MSSecurityAdvisor Class) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst.cab (YInstStarter Class) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe (Reg Error: Key error.) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab (McAfee.com Operating System Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175911459015 (MUWebControl Class) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab (HouseCall Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab (DwnldGroupMgr Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab (Solitaire Showdown Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digeste.dll) - File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifGVmJd) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 14:36:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{58997061-773f-11df-b789-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{58997061-773f-11df-b789-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{58997061-773f-11df-b789-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/27 19:44:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe [2011/03/27 16:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee [2011/03/01 22:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert K Bowers II\fontconfig [2011/03/01 22:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert K Bowers II\.smplayer [2011/03/01 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\SMPlayer [2011/03/01 22:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert K Bowers II\My Documents\.zs4 [2010/04/15 15:04:48 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll [2010/04/15 15:04:47 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll [2010/04/15 15:04:47 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll [2010/04/15 15:04:47 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll [2010/04/15 15:04:46 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll [2010/04/15 15:04:46 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll [2010/04/15 15:04:46 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll [2010/04/15 15:04:45 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll [2010/04/15 15:04:44 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxih.exe [2010/04/15 15:04:43 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll [2010/04/15 15:04:42 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcoms.exe [2010/04/15 15:04:41 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll [2010/04/15 15:04:41 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll [2010/04/15 15:04:40 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcfg.exe [2003/06/07 15:33:01 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL [2003/06/07 15:33:01 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL [2003/06/07 15:33:01 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL [2003/06/07 15:33:01 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL [2003/06/07 15:33:01 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL [2003/06/07 15:33:01 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL [2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [8 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/27 19:44:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe [2011/03/27 16:22:13 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2011/03/27 16:21:48 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2011/03/27 16:21:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2011/03/27 16:21:36 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys [2011/03/27 16:21:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2011/03/26 17:12:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/03/23 22:10:04 | 000,012,830 | -HS- | M] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 [2011/03/23 22:10:04 | 000,012,830 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 [2011/03/23 19:07:28 | 000,058,233 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\doghouse_color_wheel_altered.png [2011/03/23 17:52:37 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/18 00:02:30 | 000,391,144 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\NerdGirl.jpg [2011/03/13 16:49:51 | 000,402,498 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2011/03/13 16:49:51 | 000,063,184 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2011/03/13 01:03:22 | 000,012,356 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\Pusheen.JPG [2011/03/09 21:00:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2011/03/02 13:27:50 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2011/03/02 10:54:49 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2011/03/01 22:51:40 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2011/03/01 22:35:59 | 000,000,024 | ---- | M] () -- C:\WINDOWS\wininit.ini [2011/02/28 17:57:51 | 000,012,188 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\KeineInstrumental.cl5 [8 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\hizefini [2011/03/23 19:07:28 | 000,058,233 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\doghouse_color_wheel_altered.png [2011/03/23 17:02:31 | 000,012,830 | -HS- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 [2011/03/23 17:02:31 | 000,012,830 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mkr47m65w2qjrle7256w0m1xaj2e3 [2011/03/18 00:02:26 | 000,391,144 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\NerdGirl.jpg [2011/03/13 01:03:21 | 000,012,356 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\Pusheen.JPG [2011/03/02 13:27:50 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2011/03/02 13:27:50 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2011/03/01 22:51:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2011/03/01 22:35:57 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011/02/28 17:57:50 | 000,012,188 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\KeineInstrumental.cl5 [2010/04/15 15:16:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll [2010/04/15 15:16:14 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll [2010/04/15 15:14:33 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll [2010/04/15 15:14:33 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll [2010/04/15 15:14:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll [2010/04/15 15:05:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini [2010/04/15 15:04:48 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll [2010/04/15 15:04:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll [2008/12/26 01:37:20 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/12/26 01:05:13 | 000,891,658 | -HS- | C] () -- C:\WINDOWS\System32\dJmVGfii.ini2 [2008/12/26 01:05:11 | 000,892,039 | -HS- | C] () -- C:\WINDOWS\System32\dJmVGfii.ini [2008/12/07 17:22:37 | 000,865,140 | -HS- | C] () -- C:\WINDOWS\System32\eNUDcfii.ini2 [2008/12/07 17:22:36 | 000,866,049 | -HS- | C] () -- C:\WINDOWS\System32\eNUDcfii.ini [2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007/04/08 20:32:14 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/04/08 20:21:28 | 000,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/11/17 22:50:40 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/05/03 13:52:51 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2005/12/28 11:25:31 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/08/09 18:13:59 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe [2005/08/09 18:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005/08/09 18:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005/08/09 18:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2004/12/04 00:27:36 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\fusioncache.dat [2004/10/08 23:55:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/04/19 03:22:36 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2004/04/15 00:59:28 | 000,099,024 | ---- | C] () -- C:\WINDOWS\MozillaUninstall.exe [2004/04/15 00:59:07 | 000,098,512 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe [2004/04/15 00:58:58 | 000,014,308 | ---- | C] () -- C:\WINDOWS\mozver.dat [2004/04/10 17:21:19 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\mstasks2.exe [2004/04/10 17:21:18 | 000,129,536 | ---- | C] () -- C:\WINDOWS\System32\winrr.exe [2004/04/10 17:20:10 | 000,000,697 | ---- | C] () -- C:\WINDOWS\sdsini.ini [2004/03/21 18:15:14 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2003/11/18 01:15:01 | 000,002,051 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll [2003/10/06 01:12:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003/09/24 22:10:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2003/09/24 22:10:25 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2003/09/24 22:10:25 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2003/09/01 10:06:14 | 000,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI [2003/08/22 21:28:12 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll [2003/08/22 21:28:12 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini [2003/08/22 21:27:39 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2003/07/26 22:12:51 | 000,000,499 | ---- | C] () -- C:\WINDOWS\eReg.dat [2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll [2003/06/08 01:31:42 | 000,000,457 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI [2003/06/07 16:43:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\PFP100JPR.{PB [2003/06/07 16:43:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\PFP100JCM.{PB [2003/06/07 15:26:20 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2003/06/07 14:50:01 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2003/05/20 01:23:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/05/20 01:18:25 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2003/05/20 01:11:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2003/05/20 01:11:17 | 000,007,406 | ---- | C] () -- C:\WINDOWS\ICOADB32.DAT [2003/05/20 01:11:17 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/05/20 01:08:55 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2003/05/20 01:08:54 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT [2003/05/20 01:08:40 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini [2003/05/20 01:08:40 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2003/05/20 01:08:39 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI [2003/05/20 01:08:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini [2003/05/20 01:08:12 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2003/05/20 01:04:38 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/05/20 00:55:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT [2003/05/20 00:54:28 | 000,402,498 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT [2003/05/20 00:54:28 | 000,063,184 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT [2003/05/20 00:40:38 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/02/05 12:11:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/09/03 16:07:03 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/09/03 16:07:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/09/03 15:51:48 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/09/03 15:51:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/09/03 15:44:25 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/09/03 15:44:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/09/03 15:37:19 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/09/03 15:36:07 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/09/03 14:42:36 | 000,268,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2002/09/03 14:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2002/09/03 14:31:48 | 000,023,688 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll [2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999/01/22 22:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/11/17 18:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll ========== LOP Check ========== [2010/02/10 11:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2008/01/05 20:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2010/12/08 00:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2011/03/23 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/02/10 11:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/07/31 16:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore [2004/12/18 18:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Viewpoint [2005/10/31 19:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\.bittorrent [2010/02/10 11:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\acccore [2004/12/21 13:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Aim [2009/03/11 03:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\GlarySoft [2010/04/28 13:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Lexmark Productivity Studio [2008/01/05 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\NCH Swift Sound [2008/01/05 20:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Recordpad [2009/09/29 15:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\SpaceMonger [2004/11/13 15:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Viewpoint [2007/10/24 21:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\yoclient [2011/03/26 17:12:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011/03/27 16:21:48 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > ======================================================================= Extras.Txt OTL Extras logfile created on: 3/27/2011 7:46:10 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Robert K Bowers II\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 22.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free Paging file location(s): C:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 1.27 Gb Free Space | 2.28% Space Free | Partition Type: NTFS Computer Name: ROBERT | User Name: Robert K Bowers II | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [spaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Control -- (Microsoft Corporation) "C:\WINDOWS\svcho.exe" = C:\WINDOWS\svcho.exe:*:Enabled:enable "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "C:\Program Files\McAfee\VirusScan\mcvsshld.exe" = C:\Program Files\McAfee\VirusScan\mcvsshld.exe:*:Enabled:mcvsshld -- (McAfee, Inc.) "C:\Program Files\Personal Guard 2009\personalguard.exe" = C:\Program Files\Personal Guard 2009\personalguard.exe:*:Enabled:personalguard "C:\Program Files\Common Files\aol\Loader\aolload.exe" = C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC) "C:\WINDOWS\SYSTEM32\lxdxcoms.exe" = C:\WINDOWS\SYSTEM32\lxdxcoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Program Files\Lexmark 3600-4600 Series\frun.exe" = C:\Program Files\Lexmark 3600-4600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- () "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- () "C:\Documents and Settings\Robert K Bowers II\Local Settings\Temp\lxdx\wireless\lxdxwpss.exe" = C:\Documents and Settings\Robert K Bowers II\Local Settings\Temp\lxdx\wireless\lxdxwpss.exe:*:Enabled: "C:\WINDOWS\SYSTEM32\lxdxcfg.exe" = C:\WINDOWS\SYSTEM32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( ) "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxtime.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxjswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxwbgw.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway -- () "C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled: -- () "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 22 "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe -
Yet another XP Anti-Virus 2011 thread?
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
Getting rid of yey.exe did allow me to use Malware Bytes to clean my computer. However, I was unable to get rkill to work, either before or after. I keep getting a cycle of error messages with only Okay as an option, and it repeats indefinitely until I restart manually. Anywho, here is still my Mbam log from when I scanned. My computer appears to be working perfectly again, btw ======================== Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6146 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.11 3/24/2011 3:19:15 AM mbam-log-2011-03-24 (03-19-15).txt Scan type: Full scan (C:\|) Objects scanned: 291396 Time elapsed: 4 hour(s), 17 minute(s), 4 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 4 Folders Infected: 0 Files Infected: 14 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\yey.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\robert k bowers ii\application data\Sun\Java\deployment\cache\6.0\23\406280d7-1c7740c4 (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\arl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\jlc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\lac.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\lfp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\llg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\loh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\mck.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\ofu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\owa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\rfy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\taq.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\xtf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\documents and settings\robert k bowers ii\local settings\application data\yey.old (Trojan.FakeAlert) -> Quarantined and deleted successfully. -
Yet another XP Anti-Virus 2011 thread?
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
Also, I had HijackThis still downloaded from a year or so ago, so here's the log? Dunno if that will expediate things for me any: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:35:49 PM, on 3/23/2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe C:\WINDOWS\system32\lxdxcoms.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\mozilla.org\Mozilla\mozilla.exe C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\yey.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {486B7748-0603-45A6-939B-027D9769CF5D} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106171115.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175911459015 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080601/housecall.antivirus.com/housecall/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 12923 bytes -
I'm still fairly positive that it's preferred to create individual threads for this, so if I'm wrong, I apologize. About an hour ago, I ran into XP Anti-Virus 2011 that happened to install itself on my computer now I cannot get it out. McAfee doesn't see anything wrong, and I'm unable to open/run my trusty Malware Bytes. I even tried to reboot into Safe Mode, and it will not let me, simply restarting until I choose 'start windows normally'. What should I do? "I'm infected - What do I do now?" has some steps to follow, but being unable to complete the very first one, I'm not sure if it would be safe/effective to do the others, presumably out of order. Thank you ahead of time!
-
I've caught the Personal Guard 2009 Bug
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
Sorry for the delay! Here they are: -------------- Logfile of random's system information tool 1.06 (written by random/random) Run by Robert K Bowers II at 2009-11-05 20:21:41 Microsoft Windows XP Professional Service Pack 2 System drive C: has 2 GB (4%) free of 57 GB Total RAM: 767 MB (24% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:22:25 PM, on 11/5/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\AIM\aim.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Robert K Bowers II\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Robert K Bowers II.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {486B7748-0603-45A6-939B-027D9769CF5D} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911459015 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13712 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\McDefragTask.job C:\WINDOWS\tasks\McQcTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{486B7748-0603-45A6-939B-027D9769CF5D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-09-16 62784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-10-05 203536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-01-05 399352] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-10-05 203536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2005-04-10 2904660] "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344] "Dell AIO Printer A940"=C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe [2003-02-17 86102] "diagent"=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264] "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-09-17 645328] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584] "dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-10-06 5058560] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-10 180269] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] "DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064] "AIM"=C:\Program Files\AIM\aim.exe [2005-08-05 67160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe [2005-04-10 2904660] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1qDe] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2LRX2W83X2T3MQ] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940] C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe [2003-02-17 86102] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [2002-04-03 135264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dial32] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dial33] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry] C:\WINDOWS\System32\DSentry.exe [2002-08-14 28672] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-08-29 44032] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfLrBn] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll [2003-10-06 5058560] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL [2003-10-06 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-08-04 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-12-10 180269] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr] C:\Program Files\Common files\updmgr\updmgr.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [2000-05-11 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe [2004-08-06 2502656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware] C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] C:\PROGRA~1\AMERIC~1.0\aoltray.exe [2002-10-08 36939] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk] C:\PROGRA~1\DIGITA~1\DLG.exe [2002-09-12 24576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk] C:\Program Files\Common Files\GMT\GMT.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-02-17 65588] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\iifGVmJd "notification packages"=scecli zumodiwa.dll kebulovo.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispScrSavPage"=0 "EnableProfileQuota"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] ""= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:Control" "C:\WINDOWS\svcho.exe"="C:\WINDOWS\svcho.exe:*:Enabled:enable" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent" "C:\WINDOWS\SYSTEM32\alg.exe"="C:\WINDOWS\SYSTEM32\alg.exe:*:Enabled:alg" "C:\Program Files\McAfee\VirusScan\mcvsshld.exe"="C:\Program Files\McAfee\VirusScan\mcvsshld.exe:*:Enabled:mcvsshld" "C:\Program Files\Personal Guard 2009\personalguard.exe"="C:\Program Files\Personal Guard 2009\personalguard.exe:*:Enabled:personalguard" "C:\WINDOWS\SYSTEM32\logonui.exe"="C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui" "C:\WINDOWS\SYSTEM32\winlogon.exe"="C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2009-11-05 20:21:41 ----D---- C:\rsit 2009-11-04 17:29:18 ----A---- C:\WINDOWS\system32\javaws.exe 2009-11-04 17:29:18 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-11-04 17:29:17 ----A---- C:\WINDOWS\system32\javaw.exe 2009-11-04 17:29:17 ----A---- C:\WINDOWS\system32\java.exe 2009-11-04 17:05:20 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-11-04 17:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-11-04 15:10:01 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt 2009-11-04 15:09:52 ----D---- C:\_OTM 2009-11-04 09:49:20 ----D---- C:\Program Files\Trend Micro 2009-11-04 09:15:01 ----D---- C:\!KillBox ======List of files/folders modified in the last 1 months====== 2009-11-05 20:21:48 ----D---- C:\WINDOWS\Temp 2009-11-05 20:21:29 ----D---- C:\WINDOWS\Prefetch 2009-11-05 20:19:54 ----SD---- C:\WINDOWS\Tasks 2009-11-05 20:15:20 ----D---- C:\Program Files\Mozilla Firefox 2009-11-05 20:13:18 ----D---- C:\WINDOWS 2009-11-05 20:12:12 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-11-05 16:54:12 ----D---- C:\WINDOWS\system32\CatRoot2 2009-11-04 18:15:28 ----AD---- C:\WINDOWS\SYSTEM32 2009-11-04 17:57:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-11-04 17:57:21 ----D---- C:\WINDOWS\system32\DRIVERS 2009-11-04 17:56:30 ----D---- C:\temp 2009-11-04 17:48:27 ----SHD---- C:\WINDOWS\Installer 2009-11-04 17:48:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-11-04 17:45:26 ----D---- C:\Program Files\Common Files\Adobe 2009-11-04 17:40:32 ----D---- C:\Program Files\Adobe 2009-11-04 17:27:09 ----D---- C:\Program Files\Java 2009-11-04 17:14:33 ----HD---- C:\WINDOWS\INF 2009-11-04 17:12:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-11-04 17:04:14 ----D---- C:\Program Files\Lavasoft 2009-11-04 17:04:07 ----D---- C:\WINDOWS\WinSxS 2009-11-04 16:51:29 ----RAD---- C:\Program Files 2009-11-04 16:50:06 ----D---- C:\Program Files\LimeWire 2009-11-04 16:49:36 ----HD---- C:\Program Files\InstallShield Installation Information 2009-11-04 16:45:33 ----AD---- C:\Program Files\Common Files 2009-11-04 15:02:43 ----D---- C:\Program Files\McAfee 2009-11-01 17:26:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-19 2432] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-19 2560] R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152] R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664] R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-07-19 17153] R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-05-20 143834] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-05-20 206464] R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043] R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192] R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-19 139776] R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-07-18 22296] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-09-03 9600] R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-11-17 1042432] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224] R3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-19 2109592] R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-19 2142488] R3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-07-18 1920920] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752] R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-07-18 3599000] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816] R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272] R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552] R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-05-20 30630] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160] R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-05-20 28164] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672] R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys [2002-10-08 33588] R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704] S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-04 42496] S2 ntndis;ntndis; \??\C:\WINDOWS\system32\drivers\ntndis.sys [] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024] S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-05-20 25898] S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [] S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020] S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415] S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127] S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775] S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063] S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455] S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311] S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551] S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys [] S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599] S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880] S3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\System32\drivers\NMSCFG.SYS [] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2004-08-04 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2004-08-04 43008] S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2002-09-03 13952] S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2004-08-04 5504] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2004-08-04 41088] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2004-08-04 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-04 153376] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-04 1179232] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-17 303104] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-07-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-07-19 137752] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-10-19 92296] R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-09 865832] R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848] R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952] R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2003-10-06 81920] R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968] R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2002-10-08 65536] R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584] R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736] R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-09-15 894136] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-19 141848] S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072] S3 NMSSvc;Intel® NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-10-10 1118208] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] -----------------EOF----------------- ----------------- info.txt logfile of random's system information tool 1.06 2009-11-05 20:22:40 ======Uninstall list====== -->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /W /U /S /R -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45893FEB-30FD-4034-8661-3BA4238FE67A}\SETUP.EXE" -l0x9 -uninst -y -a -f"b2003ce.isu" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{4468EF97-A253-4699-9E1C-88CAE2C6832D} Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll" Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001} Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log Adobe -
I've caught the Personal Guard 2009 Bug
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
Everything suggested was removed and/or replaced, accordingly. ------------ Malwarebytes' Anti-Malware 1.41 Database version: 3101 Windows 5.1.2600 Service Pack 2 11/4/2009 6:15:28 PM mbam-log-2009-11-04 (18-15-28).txt Scan type: Quick Scan Objects scanned: 111189 Time elapsed: 16 minute(s), 15 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\SYSTEM32\korediri.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\jitabine.dll (Trojan.Vundo) -> Quarantined and deleted successfully. -
I've caught the Personal Guard 2009 Bug
rainyupa replied to rainyupa's topic in Resolved Malware Removal Logs
I'm running XP, if that will help in the future any. Though, after the HiJackThis fix, I did not start with PG2009, nor did I get the menagerie of DLL errors the past two times I had started up my computer. Here are the notepad files nonetheless, in order of the OTM file, then the OTL file, then the Extras file: ----------------------- All processes killed ========== PROCESSES ========== No active process named explorer.exe was found! ========== SERVICES/DRIVERS ========== Service\Driver Viewpoint Manager Service deleted successfully. ========== FILES ========== C:\Program Files\Personal Guard 2009 moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\VMgr_Win moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents\AxMetaStream_Win moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully. C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images moved successfully. C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData moved successfully. C:\Program Files\Viewpoint\Viewpoint Manager moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Resources moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\ComponentMgr_Win moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology moved successfully. C:\Program Files\Viewpoint\Common moved successfully. C:\Program Files\Viewpoint moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: LocalService ->Temp folder emptied: 0 bytes File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 473289 bytes User: NetworkService ->Temp folder emptied: 1066284 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Robert K Bowers II ->Temp folder emptied: 148797937 bytes ->Temporary Internet Files folder emptied: 173097542 bytes ->Java cache emptied: 17588363 bytes ->FireFox cache emptied: 98531704 bytes C:\MCAF868.tmp\vso\winxp\en-us folder deleted successfully. C:\MCAF868.tmp\vso\winxp folder deleted successfully. C:\MCAF868.tmp\vso\en-us\com folder deleted successfully. C:\MCAF868.tmp\vso\en-us folder deleted successfully. C:\MCAF868.tmp\vso folder deleted successfully. C:\MCAF868.tmp\shared folder deleted successfully. C:\MCAF868.tmp folder deleted successfully. %systemdrive% .tmp files removed: 4027319 bytes C:\WINDOWS\msdownld.tmp folder deleted successfully. %systemroot% .tmp files removed: 2233200 bytes %systemroot%\System32 .tmp files removed: 3833361 bytes File delete failed. C:\WINDOWS\temp\mcmsc_Mr7BDcg5PMnB8ZJ scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\mcmsc_u8JEixaQxEWx4tN scheduled to be deleted on reboot. Windows Temp folder emptied: 3132719 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 431.90 mb OTM by OldTimer - Version 3.0.0.6 log created on 11042009_150952 Files moved on Reboot... File C:\WINDOWS\temp\mcmsc_Mr7BDcg5PMnB8ZJ not found! File C:\WINDOWS\temp\mcmsc_u8JEixaQxEWx4tN not found! Registry entries deleted on Reboot... -------------------------- OTL logfile created on: 11/4/2009 3:27:08 PM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Robert K Bowers II\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 372.64 Mb Available Physical Memory | 48.58% Memory free 1.71 Gb Paging File | 1.29 Gb Available in Paging File | 75.56% Paging File free Paging file location(s): C:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 2.55 Gb Free Space | 4.57% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROBERT Current User Name: Robert K Bowers II Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe () PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) PRC - C:\Program Files\Winamp\winampa.exe () PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\AIM\aim.exe (America Online, Inc.) PRC - C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.) PRC - C:\WINDOWS\SYSTEM32\LEXPPS.EXE (Lexmark International, Inc.) PRC - C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe (Dell Computer Corporation) PRC - C:\Program Files\Dell AIO Printer A940\dlbabmon.exe (Dell Computer Corporation) PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) PRC - C:\WINDOWS\SYSTEM32\cidaemon.exe (Microsoft Corporation) PRC - C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd) PRC - C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\umdmxfrm.dll (Microsoft Corporation) MOD - C:\WINDOWS\SYSTEM32\serwvdrv.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.) SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (iPodService) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation) SRV - (NVSvc) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (LexBceS) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE (Lexmark International, Inc.) SRV - (NMSSvc) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation) SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.) SRV - (Creative Service for CDROM Access) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.) DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (LVMVDrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVMVdrv.sys (Logitech Inc.) DRV - (LVcKap) -- C:\WINDOWS\SYSTEM32\DRIVERS\Lvckap.sys (Logitech Inc.) DRV - (LVUVC) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys (Logitech Inc.) DRV - (FilterService) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvcflt.sys (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVUSBSta.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys () DRV - (TVICHW32) -- C:\WINDOWS\SYSTEM32\DRIVERS\TVICHW32.SYS (EnTech Taiwan) DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.) DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.) DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Sonic Solutions) DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Sonic Solutions) DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions) DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation) DRV - (usbaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation) DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation) DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation) DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation) DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation) DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation) DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation) DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation) DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation) DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.) DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation) DRV - (P16X) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.) DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio) DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio) DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio) DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio) DRV - (MxlW2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\MxlW2k.sys (MusicMatch, Inc.) DRV - (mdmxsdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys (Conexant) DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio) DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation) DRV - (wanatw) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.) DRV - (E100B) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys (Intel Corporation) DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.) DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost; ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/04 15:02:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2008/12/02 11:45:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.6\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2008/04/03 15:42:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components [2008/12/02 11:45:10 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla 1.7.13\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins [2008/04/03 15:42:37 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 23:54:25 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 15:56:19 | 00,000,000 | ---D | M] [2008/11/25 16:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Extensions [2008/11/25 16:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2006/05/26 21:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Firefox\Profiles\zrddxv3y.default\extensions [2008/11/25 16:38:58 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\Mozilla\Firefox\Profiles\zrddxv3y.default\searchplugins\siteadvisor.xml [2009/11/04 08:27:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/10/29 15:56:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/13 17:13:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2007/08/01 23:05:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [2007/11/03 15:32:38 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/04/03 15:27:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/10/29 15:56:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/10/29 15:56:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll [2008/03/16 17:33:58 | 00,806,912 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npActiveGS.dll [2007/04/08 19:51:06 | 00,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll [2007/10/11 14:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2009/10/29 15:56:11 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/22 23:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2006/08/04 21:35:44 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2006/08/04 21:35:44 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2006/08/04 21:35:45 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2006/08/04 21:35:45 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2006/08/04 21:35:45 | 00,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2008/10/30 01:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2008/10/30 01:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2008/10/30 01:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2008/10/30 01:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2008/10/30 01:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2008/10/30 01:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2008/10/30 01:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml Hosts file not found O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {486B7748-0603-45A6-939B-027D9769CF5D} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Dell AIO Printer A940] C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe (Dell Computer Corporation) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\rR39TOLks.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.) O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (Yahoo! Inc.) O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (ICQ Ltd.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/download/0/5...b?1077493925265 (MSSecurityAdvisor Class) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://download.yahoo.com/dl/installs/yinst.cab (YInstStarter Class) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab (McAfee.com Operating System Class) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1175911459015 (MUWebControl Class) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab (HouseCall Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class) O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class) O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab (DwnldGroupMgr Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class) O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (Solitaire Showdown Class) O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digeste.dll) - File not found O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifGVmJd) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/09/03 13:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/04 15:25:29 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe [2009/11/04 15:09:52 | 00,000,000 | ---D | C] -- C:\_OTM [2009/11/04 15:07:21 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTM.exe [2009/11/04 09:49:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2009/11/04 09:15:01 | 00,000,000 | ---D | C] -- C:\!KillBox [2009/10/15 15:15:47 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2003/06/07 14:33:01 | 00,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL [2003/06/07 14:33:01 | 00,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL [2003/06/07 14:33:01 | 00,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL [2003/06/07 14:33:01 | 00,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL [2003/06/07 14:33:01 | 00,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL [2003/06/07 14:33:01 | 00,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL [2002/04/10 23:41:00 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll [14 C:\Documents and Settings\Robert K Bowers II\My Documents\*.tmp files -> C:\Documents and Settings\Robert K Bowers II\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/04 15:25:35 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTL.exe [2009/11/04 15:21:30 | 00,026,963 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/11/04 15:19:36 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2009/11/04 15:18:22 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job [2009/11/04 15:18:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/04 15:18:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/11/04 15:18:14 | 80,433,1520 | -HS- | M] () -- C:\hiberfil.sys [2009/11/04 15:18:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2009/11/04 15:17:27 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Robert K Bowers II\NTUSER.DAT [2009/11/04 15:17:18 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Robert K Bowers II\NTUSER.INI [2009/11/04 15:07:28 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert K Bowers II\Desktop\OTM.exe [2009/11/04 09:49:21 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\HijackThis.lnk [2009/11/04 09:28:31 | 03,533,737 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\ComboFix.exe [2009/11/04 09:16:54 | 00,247,296 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/04 08:58:10 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\hizefini [2009/11/03 21:10:07 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/03 16:35:19 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2009/11/01 17:26:54 | 00,381,784 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/11/01 17:26:53 | 00,053,604 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/11/01 17:26:48 | 00,442,064 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/21 21:55:46 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\CoverLetter102109.doc [2009/10/17 05:54:56 | 00,009,474 | ---- | M] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\VocaloidTouhouOtherMix.cl5 [14 C:\Documents and Settings\Robert K Bowers II\My Documents\*.tmp files -> C:\Documents and Settings\Robert K Bowers II\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\hizefini [2009/11/04 09:49:21 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\HijackThis.lnk [2009/11/04 09:28:31 | 03,533,737 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Desktop\ComboFix.exe [2009/10/21 21:55:46 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\CoverLetter102109.doc [2009/10/15 22:46:24 | 00,009,474 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\My Documents\VocaloidTouhouOtherMix.cl5 [2009/08/04 08:58:08 | 00,091,648 | -HS- | C] () -- C:\WINDOWS\System32\korediri.dll [2009/08/04 08:58:08 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\jitabine.dll [2008/12/26 00:37:20 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/12/26 00:05:13 | 00,891,658 | -HS- | C] () -- C:\WINDOWS\System32\dJmVGfii.ini2 [2008/12/26 00:05:11 | 00,892,039 | -HS- | C] () -- C:\WINDOWS\System32\dJmVGfii.ini [2008/12/07 16:22:37 | 00,865,140 | -HS- | C] () -- C:\WINDOWS\System32\eNUDcfii.ini2 [2008/12/07 16:22:36 | 00,866,049 | -HS- | C] () -- C:\WINDOWS\System32\eNUDcfii.ini [2007/07/18 16:42:42 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007/04/08 19:32:14 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007/04/08 19:32:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007/04/08 19:21:28 | 00,058,163 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2006/11/17 21:50:40 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/05/03 12:52:51 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2005/12/28 10:25:31 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005/12/14 00:20:33 | 03,702,548 | -H-- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\IconCache.db [2005/08/09 17:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005/08/09 17:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005/08/09 17:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2004/12/03 23:27:36 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\fusioncache.dat [2004/05/06 01:30:34 | 00,000,018 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt [2004/04/10 16:20:10 | 00,000,697 | ---- | C] () -- C:\WINDOWS\sdsini.ini [2004/03/21 17:15:14 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2003/11/18 00:15:01 | 00,002,051 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2003/10/06 14:16:00 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll [2003/10/06 00:12:45 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2003/09/24 21:10:26 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2003/09/24 21:10:25 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2003/09/24 21:10:25 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2003/09/01 09:06:14 | 00,002,696 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI [2003/08/22 20:28:12 | 00,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll [2003/08/22 20:28:12 | 00,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini [2003/08/22 20:27:39 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2003/07/08 12:41:48 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll [2003/06/08 13:36:25 | 00,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini [2003/06/08 00:31:42 | 00,000,457 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI [2003/06/07 15:43:34 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\PFP100JPR.{PB [2003/06/07 15:43:34 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\PFP100JCM.{PB [2003/06/07 14:26:20 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2003/06/07 13:50:01 | 00,247,296 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2003/06/07 12:28:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Robert K Bowers II\Application Data\DESKTOP.INI [2003/06/07 12:28:30 | 00,036,256 | ---- | C] () -- C:\Documents and Settings\Robert K Bowers II\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2003/05/20 00:23:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/05/20 00:14:41 | 00,207,758 | ---- | C] () -- C:\Program Files\INSTALL.LOG [2003/05/20 00:11:18 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2003/05/20 00:11:17 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/05/20 00:08:55 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2003/05/20 00:08:40 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini [2003/05/20 00:08:40 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2003/05/20 00:08:39 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI [2003/05/20 00:08:39 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini [2003/05/20 00:08:12 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2003/05/20 00:04:38 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2003/05/19 23:40:38 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/02/17 17:00:42 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll [2003/02/05 11:11:12 | 00,000,126 | ---- | C] () -- C:\WINDOWS\System32\DLBAPLC.INI [2002/11/01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini [2002/09/03 13:36:02 | 00,000,762 | ---- | C] () -- C:\WINDOWS\WIN.INI [2002/09/03 13:26:32 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI [2002/09/03 13:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/07/04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2002/02/06 09:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll [2002/01/21 14:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll [2001/12/14 12:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [1999/07/23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1999/01/22 21:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/11/17 17:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll ========== LOP Check ========== [2008/02/26 12:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell [2008/01/05 19:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2008/02/06 16:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2008/08/26 17:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/09/18 20:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2005/10/31 18:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\.bittorrent [2004/12/21 12:15:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Aim [2003/08/14 02:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Corel [2009/03/11 02:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\GlarySoft [2004/06/03 20:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\ICQLite [2008/01/05 20:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\NCH Swift Sound [2008/01/05 19:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Recordpad [2007/11/01 20:48:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\SecuROM [2009/09/29 14:56:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\SpaceMonger [2004/11/13 14:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\Viewpoint [2007/10/24 20:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Robert K Bowers II\Application Data\yoclient [2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/11/04 15:18:22 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job [2009/09/15 00:11:56 | 00,000,376 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/08/01 00:00:54 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [2009/11/04 15:18:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 < End of report > -------------------- OTL Extras logfile created on: 11/4/2009 3:27:08 PM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Robert K Bowers II\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 372.64 Mb Available Physical Memory | 48.58% Memory free 1.71 Gb Paging File | 1.29 Gb Available in Paging File | 75.56% Paging File free Paging file location(s): C:\pagefile.sys 1024 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 2.55 Gb Free Space | 4.57% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ROBERT Current User Name: Robert K Bowers II Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" %* File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [spaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.) Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:Control -- (Microsoft Corporation) "C:\WINDOWS\svcho.exe" = C:\WINDOWS\svcho.exe:*:Enabled:enable -- File not found "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.) "C:\Program Files\McAfee\VirusScan\mcvsshld.exe" = C:\Program Files\McAfee\VirusScan\mcvsshld.exe:*:Enabled:mcvsshld -- (McAfee, Inc.) "C:\Program Files\Personal Guard 2009\personalguard.exe" = C:\Program Files\Personal Guard 2009\personalguard.exe:*:Enabled:personalguard -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center "{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer "{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe -
Hello there. I've registered here today, because I have this nasty problem called Personal Guard 2009, and I can't seem to get rid of it! I've lurked before on how to remove prior problems, but the only solution that seems to stick that I can see recommended is combo-fix. However, the description of the solution said to post the log of combo-fix's attempt to be analyzed by the message board I was redirected from. To make sure I don't accidentally to irreparable damage to my computer, I figure I should do it officially through the proper channels! In addition to having Personal Guard 2009, I also get a lot of errors upon startup, saying how a number of files are not valid windows images, due to a file called lafokune.dll. I assume this is all part of the PG2009 package, so I figure one problem at a time. I have updated and run Malwarebytes Anti-Malware, and it supposedly clears out most of my problems. However, a number of files won't be removed except upon restarting, and after my computer finishes rebooting, I continue to have the same problems! ... if I accidentally forget to include something, please don't be too harsh with me. ------------------------ Malwarebytes' Anti-Malware 1.41 Database version: 3098 Windows 5.1.2600 Service Pack 2 11/4/2009 8:57:24 AM mbam-log-2009-11-04 (08-57-24).txt Scan type: Quick Scan Objects scanned: 127507 Time elapsed: 30 minute(s), 44 second(s) Memory Processes Infected: 2 Memory Modules Infected: 3 Registry Keys Infected: 3 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 4 Files Infected: 28 Memory Processes Infected: C:\WINDOWS\SYSTEM32\winsc.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Program Files\Personal Guard 2009\personalguard.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: C:\WINDOWS\SYSTEM32\vivapose.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\SYSTEM32\kebulovo.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (Trojan.FakeAlert) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{1278ed18-21d3-466a-a642-ecaa200dcada} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\personal guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Delete on reboot. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysnet (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\personalguard (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\q (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Start Menu\Programs\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Microsoft AData (Rogue.SmartProtector) -> Delete on reboot. Files Infected: C:\WINDOWS\SYSTEM32\vivapose.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\SYSTEM32\kebulovo.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\SYSTEM32\winsc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\personalguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\kiviyehi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\popuyumi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\figusagu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\yohuhuvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\SYSTEM32\zumodiwa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\rdl62A.tmp.exe (Trojan.SpyAgent) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Local Settings\Temp\n.exn (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Local Settings\Temporary Internet Files\Content.IE5\7ER0CSB0\load[1].php (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\config.scf (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\mmbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\q.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\uninstalls.exe (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Program Files\Personal Guard 2009\vvbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Microsoft AData\t.sid (Rogue.SmartProtector) -> Quarantined and deleted successfully. C:\Documents and Settings\Robert K Bowers II\Desktop\Personal Guard 2009.lnk (Rogue.PersonalGuard) -> Quarantined and deleted successfully. C:\WINDOWS\certSystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\Microsoftdef.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\regred.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\securits.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\spoov.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\usExplorer.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. -------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:56:32 AM, on 11/4/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Program Files\Dell AIO Printer A940\dlbabmon.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\DellSupport\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\AIM\aim.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost; R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {486B7748-0603-45A6-939B-027D9769CF5D} - (no file) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe" O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\rR39TOLks.exe" /runcleanupscript O4 - HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...76/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175911459015 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003080...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - AppInit_DLLs: qjndul.dll ,popuyumi.dll,vivapose.dll O20 - Winlogon Notify: ljJARhIX - ljJARhIX.dll (file missing) O23 - Service: McAfee Application Installer Cleanup (0287701257344304) (0287701257344304mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\028770~1.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13952 bytes