Jump to content

Recommended Posts

Hello,

I'm seeking expert assistance with removal of the following malware on a Windows 7 machine.

Trojan.FakeAlert

Trojan.FakeMS

PUM.Hijack.StartMenu (two registry entries)

I initially observed a rapid series of cascading dialogs stating "Unable to Load Attrib.exe" ."

I immediately cut power to the machine. On normal reboot I see a similar series of cascading dialogs

stating "Disk Errors Found," then the machine restarts on its own.

In safe mode most of my program icons were not visible and many folders were empty. I managed to run a full scan with mbam which found the 4 items as listed above. I quarantined them and did a normal reboot but the cascading error dialogs were still present and another scan with mbam in safe mode reveals the same threats. So they're still hiding out somewhere in this PC.

After reading the FAQs and Tips section of the forum on another machine, I was able to unhide everything in safe mode, giving me to access the forum via Firefox. I am reluctant to do another normal reboot until I have taken additional action, per one of your expert's recommendations.

The DDS output files below were obtained after running mbam and removing the threats. Please let me know if a normal reboot and rerun of DDS is needed.

Thank you in advance for your time.

Here's the dds.txt file:

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Run by Tom at 18:30:42 on 2012-01-22

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.7121 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\notepad.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe

mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRunOnce: [GrpConv] grpconv -o

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\CORELF~1.LNK - C:\Program Files (x86)\Corel\Print House Magic\cffrem.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{E359A986-72D7-4EFE-8E38-051C9AA41F29} : DhcpNameServer = 10.0.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO-X64: McAfee Phishing Filter - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll

BHO-X64: scriptproxy - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRunOnce-x64: [GrpConv] grpconv -o

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - component: C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: XULRunner: {3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7} - C:\Users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: XUL Cache: {86c56d72-0491-4ff9-a2a0-aa4a68b83970} - %profile%\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}

FF - Ext: XUL Cache: {0244c830-c8f9-491b-8d2a-f63a68b17c6a} - %profile%\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664]

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]

S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-8-27 249936]

S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-7 199272]

S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-7 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-7 161168]

S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-30 656624]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-1-29 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-29 79360]

S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-23 135664]

S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 PaeFireStudio;PreSonus FireStudio;C:\Windows\system32\Drivers\PaeFireStudio.sys --> C:\Windows\system32\Drivers\PaeFireStudio.sys [?]

S3 PaeFireStudioAudio;PreSonus FireStudio Audio;C:\Windows\system32\drivers\PaeFireStudioAudio.sys --> C:\Windows\system32\drivers\PaeFireStudioAudio.sys [?]

S3 PaeFireStudioMidi;PreSonus FireStudio MIDI;C:\Windows\system32\drivers\PaeFireStudioMidi.sys --> C:\Windows\system32\drivers\PaeFireStudioMidi.sys [?]

S3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;C:\Windows\system32\DRIVERS\MarvinAVS64.sys --> C:\Windows\system32\DRIVERS\MarvinAVS64.sys [?]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-22 02:33:45 -------- d-sh--w- C:\found.000

2012-01-22 00:32:29 453512 ----a-w- C:\ProgramData\tSUpODctlIrm.exe

2012-01-11 11:32:48 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 11:32:47 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 11:32:46 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 11:32:45 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 11:32:41 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 11:32:38 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 11:32:36 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 11:32:34 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-01 17:25:10 -------- d-----w- C:\ProgramData\McAfee Security Scan

2012-01-01 17:25:09 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-01 17:25:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan

.

==================== Find3M ====================

.

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:19:07 43520 ----a-w- C:\Windows\System32\csrsrv.dll

.

============= FINISH: 18:30:53.32 ===============

and attach.txt:

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 2/5/2010 9:25:26 PM

System Uptime: 1/22/2012 4:41:41 PM (2 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2660/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 689 GiB total, 596.583 GiB free.

D: is CDROM ()

E: is CDROM ()

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: eHome Infrared Receiver (USBCIR)

Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000

Manufacturer: Microsoft

Name: eHome Infrared Receiver (USBCIR)

PNP Device ID: USB\VID_04EB&PID_E033\SN:CIR-00080612011700000000

Service: usbcir

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: McAfee Inc. mfehidk

Device ID: ROOT\LEGACY_MFEHIDK\0000

Manufacturer:

Name: McAfee Inc. mfehidk

PNP Device ID: ROOT\LEGACY_MFEHIDK\0000

Service: mfehidk

.

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}

Description: Consumer IR Devices

Device ID: ROOT\SYSTEM\0001

Manufacturer: Microsoft

Name: Consumer IR Devices

PNP Device ID: ROOT\SYSTEM\0001

Service: circlass

.

==== System Restore Points ===================

.

RP125: 12/11/2011 1:20:23 PM - Scheduled Checkpoint

RP126: 12/14/2011 10:57:51 PM - Windows Update

RP127: 12/23/2011 10:47:35 AM - Scheduled Checkpoint

RP128: 12/31/2011 10:42:37 AM - Scheduled Checkpoint

RP129: 1/8/2012 9:58:58 AM - Scheduled Checkpoint

RP130: 1/10/2012 9:46:42 PM - Windows Update

RP131: 1/11/2012 7:57:22 AM - Windows Update

RP132: 1/18/2012 8:27:29 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.7

Amazon MP3 Downloader 1.0.10

Apple Application Support

Apple Software Update

ASIO4ALL

ATI Catalyst Control Center

Bing Bar

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Corel Applications

CorelDRAW 10

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Getting Started Guide

Dell Support Center (Support Software)

DirectXInstallService

Dolby Digital Live Pack

EMC 10 Content

Emicsoft FLV Converter

FLV to WMV Convert 2.7

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

i-Fun Viewer

Internet TV for Windows Media Center

Java Auto Updater

Java™ 6 Update 19

Junk Mail filter update

Knoll Light Factory EZ Studio

Magic Bullet Looks Studio

Malwarebytes Anti-Malware version 1.60.0.1800

McAfee Security Scan Plus

McAfee SecurityCenter

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox (3.6)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Octoshape add-in for Adobe Flash Player

Pinnacle Studio 14

Pinnacle Studio Ultimate Collection Plugins

PowerDVD DX

QualXServ Service Agreement

QuickTime

RealPlayer

RealUpgrade 1.0

Red Giant ToonIt Studio

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy CD and DVD Burning

Roxio Express Labeler 3

Roxio Update Manager

Security Update for CAPICOM (KB931906)

Skins

Sonic CinePlayer Decoder Pack

Sound Blaster X-Fi

SureThing Express Labeler

Trapcode 3DStroke Studio

Trapcode Particular Studio

Trapcode Shine Studio

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Center Add-in for Flash

WinX DVD Player 3.1.1

WinX DVD Ripper Platinum 6.3.5

WinX Free DVD Ripper 4.5.14

.

==== Event Viewer Messages From Past Week ========

.

1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

1/22/2012 9:41:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/22/2012 6:41:35 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 6:41:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache RxFilter spldr Wanarpv6

1/22/2012 5:11:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR10.

1/22/2012 5:11:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR9.

1/22/2012 5:10:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.

1/22/2012 5:10:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.

1/22/2012 5:10:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.

1/22/2012 5:10:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.

1/22/2012 5:09:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

1/22/2012 5:08:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

1/22/2012 5:08:30 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:45:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

1/22/2012 4:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

1/22/2012 4:42:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/22/2012 4:42:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/22/2012 4:41:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfenlfk mfewfpk NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr Tcpip tdx Wanarpv6 WfpLwf

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:55 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

1/22/2012 4:41:54 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

1/22/2012 11:13:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/21/2012 9:55:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

1/21/2012 9:55:49 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.

1/21/2012 9:55:02 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.

1/21/2012 9:52:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Running unhide.exe should restore some of your hidden icons/programs:

http://download.blee...nler/unhide.exe

---------------------------------------

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

-------------

Next..........

Please download and run RogueKiller.

http://tigzy.geeksto...RogueKiller.exe

Choose 1 to scan the system

Post back the report.

-------------------------

Last.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

MrCharlie,

Thank you for helping me.

Here's the FSS.txt file:

Farbar Service Scanner Version: 18-01-2012 01

Ran by Tom (administrator) on 26-01-2012 at 19:57:44

Microsoft Windows 7 Professional (X64)

Boot Mode: Nerwork

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

===========

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll

[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll

[2009-07-13 19:09] - [2009-07-13 20:40] - 0703488 ____A (Microsoft Corporation) 4992C609A6315671463E30F6512BC022

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe

[2009-07-13 18:39] - [2009-07-13 20:39] - 1598976 ____A (Microsoft Corporation) 787898BF9FB6D7BD87A36E2D95C899BA

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll

[2009-07-13 18:46] - [2009-07-13 20:41] - 0848384 ____A (Microsoft Corporation) 7F0C323FE3DA28AA4AA1BDA3F575707F

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2009-07-13 18:49] - [2009-07-13 20:40] - 0175104 ____A (Microsoft Corporation) 8C57411B66282C01533CB776F98AD384

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Here's the RogueKiller report:

RogueKiller V7.0.0 [01/26/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Safe mode with network support

User: Tom [Admin rights]

Mode: Scan -- Date : 01/26/2012 20:09:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 19 ¤¤¤

[sUSP PATH] HKCU\[...]\Run : tSUpODctlIrm.exe (C:\ProgramData\tSUpODctlIrm.exe) -> FOUND

[sUSP PATH] HKUS\S-1-5-21-4006697793-4058252577-3510014290-1000[...]\Run : tSUpODctlIrm.exe (C:\ProgramData\tSUpODctlIrm.exe) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[FOLDER] plugs : c:\users\tom\appdata\roaming\adobe\plugs --> FOUND

[FOLDER] shed : c:\users\tom\appdata\roaming\adobe\shed --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 986e1b99cc60295a81dc0286e24d8b8a

[bSP] 03e305809de40ceaf54bfec6cdaeba67 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 41 Mo

1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 81920 | Size: 10320 Mo

2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 20238336 | Size: 739792 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] bc5169acb6db867b2dc2b58f855c5ed2

[bSP] 89defa01dd37f6facb5c9523ae4165ce : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 1000202 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Here's the OTL output:

OTL logfile created on: 1/26/2012 8:16:34 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.05 Gb Available Physical Memory | 88.21% Memory free

15.98 Gb Paging File | 15.06 Gb Available in Paging File | 94.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 688.99 Gb Total Space | 596.60 Gb Free Space | 86.59% Space Free | Partition Type: NTFS

Computer Name: MYPC | User Name: Tom | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 22:30:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/17 14:02:17 | 000,049,152 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

MOD - [2011/07/17 14:02:16 | 000,040,960 | ---- | M] () -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

MOD - [2010/01/15 22:09:38 | 001,014,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2009/09/19 01:17:42 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2010/01/29 23:59:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/01/29 23:55:27 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/01/29 23:55:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/09/17 14:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)

SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

SRV - [2009/02/23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2010/05/14 11:36:26 | 000,214,776 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PaeFireStudio.sys -- (PaeFireStudio)

DRV:64bit: - [2010/05/14 11:36:26 | 000,042,616 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PaeFireStudioMidi.sys -- (PaeFireStudioMidi)

DRV:64bit: - [2010/05/14 11:36:26 | 000,039,032 | ---- | M] (PreSonus Audio Electronics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PaeFireStudioAudio.sys -- (PaeFireStudioAudio)

DRV:64bit: - [2010/02/10 12:46:22 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)

DRV:64bit: - [2009/09/19 03:32:38 | 006,170,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/08/23 13:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/07/27 06:06:42 | 001,574,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)

DRV:64bit: - [2009/07/27 06:06:40 | 001,617,944 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)

DRV:64bit: - [2009/07/27 06:06:40 | 001,445,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)

DRV:64bit: - [2009/07/27 06:06:40 | 001,445,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)

DRV:64bit: - [2009/07/27 06:06:40 | 000,698,520 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)

DRV:64bit: - [2009/07/27 06:06:40 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)

DRV:64bit: - [2009/07/27 06:06:40 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV:64bit: - [2009/07/27 06:06:40 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)

DRV:64bit: - [2009/07/27 06:06:40 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)

DRV:64bit: - [2009/07/27 06:06:40 | 000,095,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)

DRV:64bit: - [2009/07/27 06:06:40 | 000,095,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)

DRV:64bit: - [2009/07/27 06:06:40 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)

DRV:64bit: - [2009/07/27 06:06:38 | 000,230,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)

DRV:64bit: - [2009/07/27 06:06:38 | 000,230,424 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)

DRV:64bit: - [2009/07/24 21:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2007/05/09 09:33:36 | 000,484,736 | ---- | M] (Pinnacle a division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinAVS64.sys -- (PinnacleMarvinAVS)

DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC 73 C7 0C 3E DD 4B 4D 86 B6 D1 F4 19 A0 60 99 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC 73 C7 0C 3E DD 4B 4D 86 B6 D1 F4 19 A0 60 99 [binary data]

IE - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

IE - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC 73 C7 0C 3E DD 4B 4D 86 B6 D1 F4 19 A0 60 99 [binary data]

IE - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: {3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}:1.9.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5

FF - prefs.js..extensions.enabledItems: {86c56d72-0491-4ff9-a2a0-aa4a68b83970}:1.0

FF - prefs.js..extensions.enabledItems: {0244c830-c8f9-491b-8d2a-f63a68b17c6a}:1.0

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/04 21:42:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/01 13:38:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/01 13:38:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}: C:\Users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7} [2011/09/04 21:42:44 | 000,000,000 | ---D | M]

[2010/02/11 17:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions

[2012/01/22 19:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions

[2011/10/17 18:24:43 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}

[2011/09/10 18:02:03 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}

[2012/01/22 19:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/09/04 21:42:39 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2011/09/04 21:42:44 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\TOM\APPDATA\LOCAL\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}

[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\

O1 HOSTS File: ([2011/09/17 08:12:33 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227141022.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000..\Run: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\SysWow64\grpconv.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe (Adobe Systems, Inc.)

O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/09/23 04:07:04 | 000,000,000 | ---D | M]

O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E359A986-72D7-4EFE-8E38-051C9AA41F29}: DhcpNameServer = 10.0.0.1

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/26 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\RK_Quarantine

[2012/01/26 20:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/01/22 17:09:04 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Malware Fixes

[2012/01/21 22:58:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

[2012/01/21 21:33:45 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/01/21 19:32:29 | 000,453,512 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\tSUpODctlIrm.exe

[2012/01/04 20:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2012/01/01 13:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/01/01 13:38:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012/01/01 13:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer

[2012/01/01 12:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2012/01/01 12:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

[2010/02/14 07:22:02 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Tom\AppData\Roaming\DataSafeDotNet.exe

[2010/01/30 01:38:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe

[2010/01/30 01:38:57 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll

========== Files - Modified Within 30 Days ==========

[2012/01/26 19:58:15 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/26 19:58:15 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/26 19:58:15 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/26 19:53:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/26 19:53:42 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/26 06:47:56 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-4006697793-4058252577-3510014290-1000.job

[2012/01/23 19:00:24 | 000,008,798 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\wklnhst.dat

[2012/01/21 22:30:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe

[2012/01/21 21:59:11 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2012/01/21 21:59:11 | 000,065,196 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2012/01/21 21:59:11 | 000,001,376 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00441102}.rfx

[2012/01/21 21:59:04 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 21:59:04 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/21 21:58:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/21 20:26:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4006697793-4058252577-3510014290-1000UA.job

[2012/01/21 18:54:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/20 07:26:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4006697793-4058252577-3510014290-1000Core.job

[2012/01/09 21:15:42 | 000,001,984 | -HS- | M] () -- C:\Users\Tom\AppData\Local\7ct6a68iue388sx5ba

[2012/01/09 21:15:42 | 000,001,984 | -HS- | M] () -- C:\ProgramData\7ct6a68iue388sx5ba

[2012/01/08 19:34:33 | 000,011,652 | -HS- | M] () -- C:\Users\Tom\AppData\Local\v41q3pe801yen80c83

[2012/01/08 19:34:33 | 000,011,652 | -HS- | M] () -- C:\ProgramData\v41q3pe801yen80c83

[2012/01/06 21:26:57 | 000,002,391 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk

[2012/01/04 20:47:58 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012/01/04 20:47:58 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/01/02 18:43:41 | 000,001,808 | -HS- | M] () -- C:\Users\Tom\AppData\Local\05yi3e52pe1

[2012/01/02 18:43:41 | 000,001,808 | -HS- | M] () -- C:\ProgramData\05yi3e52pe1

[2012/01/01 13:38:33 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/12/31 21:59:31 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2011/12/29 23:12:57 | 000,002,262 | -HS- | M] () -- C:\Users\Tom\AppData\Local\xwpkqjnb4c8m

[2011/12/29 23:12:57 | 000,002,262 | -HS- | M] () -- C:\ProgramData\xwpkqjnb4c8m

[2011/12/27 23:38:56 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/27 23:29:48 | 000,004,636 | -HS- | M] () -- C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424

[2011/12/27 23:29:48 | 000,004,636 | -HS- | M] () -- C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424

========== Files Created - No Company Name ==========

[2012/01/22 17:16:31 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/01/22 17:16:31 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/01/22 17:16:31 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012/01/22 17:16:31 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/01/22 17:16:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/01/22 17:16:31 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk

[2012/01/22 17:16:31 | 000,001,272 | ---- | C] () -- C:\Users\Public\Desktop\Pinnacle Studio 14.lnk

[2012/01/22 17:16:31 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk

[2012/01/22 17:16:31 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/22 17:16:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk

[2012/01/22 17:16:30 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2012/01/22 17:16:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012/01/22 17:16:30 | 000,002,084 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk

[2012/01/22 17:16:30 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk

[2012/01/22 17:16:30 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012/01/22 17:16:30 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2012/01/22 17:16:30 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2012/01/22 17:16:30 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2012/01/22 17:16:30 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2012/01/22 17:16:30 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2012/01/22 17:16:30 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2012/01/22 17:16:30 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk

[2012/01/22 00:33:27 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-4006697793-4058252577-3510014290-1000.job

[2012/01/09 21:12:59 | 000,001,984 | -HS- | C] () -- C:\Users\Tom\AppData\Local\7ct6a68iue388sx5ba

[2012/01/09 21:12:59 | 000,001,984 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba

[2012/01/08 19:32:23 | 000,011,652 | -HS- | C] () -- C:\Users\Tom\AppData\Local\v41q3pe801yen80c83

[2012/01/08 19:32:23 | 000,011,652 | -HS- | C] () -- C:\ProgramData\v41q3pe801yen80c83

[2012/01/02 18:43:13 | 000,001,808 | -HS- | C] () -- C:\Users\Tom\AppData\Local\05yi3e52pe1

[2012/01/02 18:43:13 | 000,001,808 | -HS- | C] () -- C:\ProgramData\05yi3e52pe1

[2011/12/29 23:12:21 | 000,002,262 | -HS- | C] () -- C:\Users\Tom\AppData\Local\xwpkqjnb4c8m

[2011/12/29 23:12:21 | 000,002,262 | -HS- | C] () -- C:\ProgramData\xwpkqjnb4c8m

[2011/12/27 23:28:55 | 000,004,636 | -HS- | C] () -- C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424

[2011/12/27 23:28:55 | 000,004,636 | -HS- | C] () -- C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424

[2011/09/14 18:58:11 | 000,000,084 | ---- | C] () -- C:\Windows\wininit.ini

[2011/07/17 10:53:02 | 000,000,120 | ---- | C] () -- C:\Users\Tom\AppData\Local\Enanagog.dat

[2011/07/17 10:53:02 | 000,000,000 | ---- | C] () -- C:\Users\Tom\AppData\Local\Oziritit.bin

[2011/07/17 10:44:58 | 000,010,484 | -HS- | C] () -- C:\Users\Tom\AppData\Local\t403nyg715hxl6frpb283066efsm1c

[2011/07/17 10:44:58 | 000,010,484 | -HS- | C] () -- C:\ProgramData\t403nyg715hxl6frpb283066efsm1c

[2010/10/27 05:41:05 | 000,000,006 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\completescan

[2010/04/25 18:48:31 | 000,007,168 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/09 00:30:25 | 000,007,605 | ---- | C] () -- C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

[2010/02/08 22:18:18 | 000,008,798 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\wklnhst.dat

[2010/01/30 01:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/01/30 01:38:59 | 000,386,451 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat

[2010/01/30 01:38:59 | 000,051,579 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat

[2010/01/30 01:38:59 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini

[2010/01/30 01:38:59 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini

[2010/01/30 01:38:58 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe

[2010/01/30 01:38:58 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL

[2010/01/30 01:38:58 | 000,000,321 | ---- | C] () -- C:\Windows\SysWow64\kill.ini

[2010/01/29 23:55:55 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2010/01/29 23:55:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/08/18 20:05:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Amazon

[2011/09/04 21:19:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Digiarty

[2011/09/04 21:19:41 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Leadertech

[2010/08/16 23:09:11 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\PreSonus

[2011/09/04 21:42:49 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\REAPER

[2010/02/08 23:14:45 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Template

[2011/12/27 14:46:58 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

and the extras:

OTL Extras logfile created on: 1/26/2012 8:16:34 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom\Desktop

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 7.18 Gb Available Physical Memory | 89.80% Memory free

15.98 Gb Paging File | 15.17 Gb Available in Paging File | 94.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 688.99 Gb Total Space | 596.60 Gb Free Space | 86.59% Space Free | Partition Type: NTFS

Drive H: | 3.73 Gb Total Space | 3.43 Gb Free Space | 92.16% Space Free | Partition Type: FAT32

Computer Name: MYPC | User Name: Tom | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64

"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java 6 Update 14 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8A70B027-4813-B42B-FF66-04E58417028A}" = ccc-utility64

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"PreSonus Universal Control_is1" = PreSonus Universal Control 3.5.2.8028

"REAPER" = REAPER (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{065FD621-FE29-F086-8B68-26C40F2568F6}" = CCC Help Spanish

"{07B0A8BD-DC56-9391-029D-901B537C0EE5}" = CCC Help Finnish

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data

"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService

"{0A4DBC25-3DD9-9503-24D9-268112B62076}" = CCC Help Hungarian

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{1518157C-607B-2B60-B121-EAB7042C75AB}" = Skins

"{157AB353-60BB-E1A7-4E79-15C35655C694}" = CCC Help English

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B70920B-70FC-C906-623C-F366B0F7DB53}" = Catalyst Control Center InstallProxy

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools

"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{22E76329-0ED8-E755-2C14-07C80621DF7E}" = CCC Help Portuguese

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 19

"{27427D07-F798-0398-997C-525E982BF0BE}" = Catalyst Control Center Core Implementation

"{28A25B98-A2E9-89A5-FCF3-DF93B9564775}" = CCC Help Italian

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{33B436A1-64C1-1726-2209-E69BF2DFE138}" = CCC Help Czech

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{44047051-85A6-83A1-0B76-0A4EF34F82B2}" = Catalyst Control Center Localization All

"{482A6D85-E279-9B0F-8D36-091F3B64B787}" = Catalyst Control Center Graphics Previews Common

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FB805E5-9716-C5D0-9114-65C78E3098DD}" = CCC Help Swedish

"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning

"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack

"{5A3B69A7-C63E-7F9B-55DD-CD65F7440FED}" = CCC Help Danish

"{5B1EF562-C533-9035-D6BB-7BD5C6D9DC3F}" = Catalyst Control Center Graphics Full Existing

"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning

"{63892687-346C-6868-029C-A1BCCCACC4C0}" = CCC Help Chinese Traditional

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6C3BF763-2CC5-2E20-4491-DF399C05C547}" = CCC Help Greek

"{6F4ED9D9-0854-C415-7BD6-908380D81518}" = Catalyst Control Center Graphics Full New

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{877335C1-A573-6B0B-9635-DFD043E4445A}" = CCC Help Norwegian

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8EBA7A74-9CB9-1336-8F32-2E503E6D530F}" = CCC Help French

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement

"{90F1906E-C084-9499-DFC3-E8A191B1E259}" = Catalyst Control Center Graphics Light

"{934328D5-F05A-8749-2915-EDCBE9DBBC61}" = CCC Help Polish

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{995C73F0-2853-45DF-030F-DFEEB000BC10}" = CCC Help German

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10

"{A2767DE2-385F-2A50-592F-FB7B041926DE}" = CCC Help Chinese Standard

"{A4601B40-79E2-4E67-EB56-8A77B9D03839}" = CCC Help Dutch

"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AACCF0A0-B426-9DA1-7900-7CDA55C674BE}" = CCC Help Korean

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7

"{B1AFAA4E-AE88-3B08-E40A-FB1D64F0F880}" = CCC Help Thai

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy

"{B6C07454-A9BC-D101-1DA7-B41E95008200}" = CCC Help Turkish

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C2B9D3E1-B7FB-00FB-A14C-664B13174ED4}" = CCC Help Russian

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E41E6CB8-AD30-A818-EA5D-0C6A92E51D0C}" = CCC Help Japanese

"{EA8F8D1C-0565-BD71-BFC3-57A21E8AA6FD}" = Catalyst Control Center Graphics Previews Vista

"{EC409A8A-525C-3F44-5266-13FAE4E5BF7B}" = ccc-core-static

"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"ASIO4ALL" = ASIO4ALL

"AudioCS" = Creative Audio Control Panel

"Corel Applications" = Corel Applications

"CorelDRAW 10" = CorelDRAW 10

"Creative Software AutoUpdate" = Creative Software AutoUpdate

"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition

"Dolby Digital Live Pack" = Dolby Digital Live Pack

"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter

"FLV to WMV Convert_is1" = FLV to WMV Convert 2.7

"GoToAssist" = GoToAssist 8.0.0.514

"i-Fun Viewer_is1" = i-Fun Viewer

"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio

"Magic Bullet Looks Studio" = Magic Bullet Looks Studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)

"MSC" = McAfee SecurityCenter

"RealPlayer 12.0" = RealPlayer

"Red Giant ToonIt Studio" = Red Giant ToonIt Studio

"stax-Pinnacle_is1" = SureThing Express Labeler

"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio

"Trapcode Particular Studio" = Trapcode Particular Studio

"Trapcode Shine Studio" = Trapcode Shine Studio

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinX DVD Player_is1" = WinX DVD Player 3.1.1

"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.3.5

"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.14

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4006697793-4058252577-3510014290-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/9/2011 7:58:38 PM | Computer Name = MyPC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 5/9/2011 8:38:21 PM | Computer Name = MyPC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/9/2011 8:39:20 PM | Computer Name = MyPC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files (x86)\microsoft\search

enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy

file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"

on line 2. Invalid Xml syntax.

Error - 5/10/2011 6:43:05 AM | Computer Name = MyPC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 5/10/2011 7:45:05 AM | Computer Name = MyPC | Source = Application Error | ID = 1000

Description = Faulting application name: RecordingManager.exe, version: 1.0.1.764,

time stamp: 0x4c29483f Faulting module name: uisy3201.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4c294365 Exception code: 0xc0000005 Fault offset: 0x63161c20 Faulting

process id: 0x1334 Faulting application start time: 0x01cc0f001348567f Faulting application

path: C:\Program Files (x86)\Real\RealPlayer\RecordingManager.exe Faulting module

path: uisy3201.dll Report Id: f27fa65f-7afa-11e0-8023-a4badb02c885

Error - 5/10/2011 8:45:48 PM | Computer Name = MyPC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 5/10/2011 10:02:06 PM | Computer Name = MyPC | Source = Application Error | ID = 1000

Description = Faulting application name: RecordingManager.exe, version: 1.0.1.764,

time stamp: 0x4c29483f Faulting module name: uisy3201.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4c294365 Exception code: 0xc0000005 Fault offset: 0x63161c20 Faulting

process id: 0x8a0 Faulting application start time: 0x01cc0f7abeac9e35 Faulting application

path: C:\Program Files (x86)\Real\RealPlayer\RecordingManager.exe Faulting module

path: uisy3201.dll Report Id: ab3d984f-7b72-11e0-83b6-a4badb02c885

Error - 5/10/2011 10:22:26 PM | Computer Name = MyPC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/10/2011 10:23:27 PM | Computer Name = MyPC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files (x86)\microsoft\search

enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy

file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"

on line 2. Invalid Xml syntax.

Error - 5/11/2011 6:53:18 AM | Computer Name = MyPC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]

Error - 12/6/2010 7:57:26 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:57:26 AM - Error connecting to the internet. 6:57:26 AM - Unable

to contact server..

Error - 12/6/2010 7:57:35 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:57:32 AM - Error connecting to the internet. 6:57:32 AM - Unable

to contact server..

Error - 12/27/2010 1:35:12 PM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 12:35:11 PM - Failed to retrieve SportsSchedule (Error: Unable to

connect to the remote server)

Error - 2/6/2011 1:09:13 PM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 12:09:10 PM - Failed to retrieve SportsSchedule (Error: The operation

has timed out)

Error - 6/8/2011 9:46:12 PM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 9:46:09 PM - Error connecting to the internet. 9:46:09 PM - Unable

to contact server..

Error - 8/9/2011 7:24:46 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 7:24:46 AM - Failed to retrieve NetTV (Error: Unable to connect to

the remote server)

Error - 8/10/2011 6:21:55 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:21:55 AM - Failed to retrieve Directory (Error: Unable to connect

to the remote server)

Error - 8/10/2011 6:23:03 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:22:40 AM - Failed to retrieve MCEClientUX (Error: Unable to connect

to the remote server)

Error - 8/10/2011 6:23:46 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:23:24 AM - Failed to retrieve SportsV2 (Error: Unable to connect

to the remote server)

Error - 8/10/2011 6:24:10 AM | Computer Name = MyPC | Source = MCUpdate | ID = 0

Description = 6:24:07 AM - Failed to retrieve Broadband (Error: Unable to connect

to the remote server)

[ System Events ]

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 1/21/2012 11:30:28 PM | Computer Name = MyPC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

< End of report >

Link to post
Share on other sites

Please run RogueKiller again > press 1 to scan then press 2 to delete/fix

----------------------------------

Please do this: (computer will need to reboot)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKU\S-1-5-21-4006697793-4058252577-3510014290-1000..\Run: [tSUpODctlIrm.exe] C:\ProgramData\tSUpODctlIrm.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
    [2012/01/21 19:32:29 | 000,453,512 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\tSUpODctlIrm.exe
    [2012/01/09 21:15:42 | 000,001,984 | -HS- | M] () -- C:\Users\Tom\AppData\Local\7ct6a68iue388sx5ba
    [2012/01/09 21:15:42 | 000,001,984 | -HS- | M] () -- C:\ProgramData\7ct6a68iue388sx5ba
    [2012/01/08 19:34:33 | 000,011,652 | -HS- | M] () -- C:\Users\Tom\AppData\Local\v41q3pe801yen80c83
    [2012/01/08 19:34:33 | 000,011,652 | -HS- | M] () -- C:\ProgramData\v41q3pe801yen80c83
    [2012/01/02 18:43:41 | 000,001,808 | -HS- | M] () -- C:\Users\Tom\AppData\Local\05yi3e52pe1
    [2012/01/02 18:43:41 | 000,001,808 | -HS- | M] () -- C:\ProgramData\05yi3e52pe1
    [2011/12/29 23:12:57 | 000,002,262 | -HS- | M] () -- C:\Users\Tom\AppData\Local\xwpkqjnb4c8m
    [2011/12/29 23:12:57 | 000,002,262 | -HS- | M] () -- C:\ProgramData\xwpkqjnb4c8m
    [2011/12/27 23:29:48 | 000,004,636 | -HS- | M] () -- C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424
    [2011/12/27 23:29:48 | 000,004,636 | -HS- | M] () -- C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dew[2012/01/09 21:12:59 | 000,001,984 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba
    [2012/01/08 19:32:23 | 000,011,652 | -HS- | C] () -- C:\Users\Tom\AppData\Local\v41q3pe801yen80c83
    [2012/01/08 19:32:23 | 000,011,652 | -HS- | C] () -- C:\ProgramData\v41q3pe801yen80c83
    [2012/01/02 18:43:13 | 000,001,808 | -HS- | C] () -- C:\Users\Tom\AppData\Local\05yi3e52pe1
    [2012/01/02 18:43:13 | 000,001,808 | -HS- | C] () -- C:\ProgramData\05yi3e52pe1
    [2011/12/29 23:12:21 | 000,002,262 | -HS- | C] () -- C:\Users\Tom\AppData\Local\xwpkqjnb4c8m
    [2011/12/29 23:12:21 | 000,002,262 | -HS- | C] () -- C:\ProgramData\xwpkqjnb4c8m
    [2011/12/27 23:28:55 | 000,004,636 | -HS- | C] () -- C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424
    [2011/12/27 23:28:55 | 000,004,636 | -HS- | C] () -- C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424
    [2011/07/17 10:44:58 | 000,010,484 | -HS- | C] () -- C:\Users\Tom\AppData\Local\t403nyg715hxl6frpb283066efsm1c
    [2011/07/17 10:44:58 | 000,010,484 | -HS- | C] () -- C:\ProgramData\t403nyg715hxl6frpb283066efsm1c
    :Commands
    [createrestorepoint]
    [REBOOT]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

MrC,

Here's the log file after running OTL with custom fixes you provided and rebooting. ( I am still booting into Safe Mode)

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4006697793-4058252577-3510014290-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-4006697793-4058252577-3510014290-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tSUpODctlIrm.exe not found.

C:\ProgramData\tSUpODctlIrm.exe moved successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.

File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.

C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

File C:\ProgramData\tSUpODctlIrm.exe not found.

C:\Users\Tom\AppData\Local\7ct6a68iue388sx5ba moved successfully.

C:\ProgramData\7ct6a68iue388sx5ba moved successfully.

C:\Users\Tom\AppData\Local\v41q3pe801yen80c83 moved successfully.

C:\ProgramData\v41q3pe801yen80c83 moved successfully.

C:\Users\Tom\AppData\Local\05yi3e52pe1 moved successfully.

C:\ProgramData\05yi3e52pe1 moved successfully.

C:\Users\Tom\AppData\Local\xwpkqjnb4c8m moved successfully.

C:\ProgramData\xwpkqjnb4c8m moved successfully.

C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424 moved successfully.

File C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dew[2012/01/09 21:12:59 | 000,001,984 | -HS- | C] () -- C:\ProgramData\7ct6a68iue388sx5ba not found.

File C:\Users\Tom\AppData\Local\v41q3pe801yen80c83 not found.

File C:\ProgramData\v41q3pe801yen80c83 not found.

File C:\Users\Tom\AppData\Local\05yi3e52pe1 not found.

File C:\ProgramData\05yi3e52pe1 not found.

File C:\Users\Tom\AppData\Local\xwpkqjnb4c8m not found.

File C:\ProgramData\xwpkqjnb4c8m not found.

File C:\Users\Tom\AppData\Local\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424 not found.

C:\ProgramData\11x22hl015bwhaq04b0aw0i6hnc4s5dewspx6j6s5y424 moved successfully.

C:\Users\Tom\AppData\Local\t403nyg715hxl6frpb283066efsm1c moved successfully.

C:\ProgramData\t403nyg715hxl6frpb283066efsm1c moved successfully.

========== COMMANDS ==========

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 01272012_185824

Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Link to post
Share on other sites

MrC,

Here's the ComboFix log:

ComboFix 12-01-27.04 - Tom 01/27/2012 20:59:06.1.8 - x64 NETWORK

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8183.7178 [GMT -5:00]

Running from: c:\users\Tom\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}

c:\users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}\chrome.manifest

c:\users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}\chrome\content\overlay.xul

c:\users\Tom\AppData\Local\{3DEBA5A5-6ACB-4AC6-8ACC-69A62A45D9F7}\install.rdf

c:\users\Tom\AppData\Roaming\completescan

c:\users\Tom\AppData\Roaming\Microsoft\Windows\Templates\7ct6a68iue388sx5ba

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}\chrome\xulcache.jar

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{0244c830-c8f9-491b-8d2a-f63a68b17c6a}\install.rdf

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}\chrome.manifest

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}\chrome\xulcache.jar

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}\defaults\preferences\xulcache.js

c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\extensions\{86c56d72-0491-4ff9-a2a0-aa4a68b83970}\install.rdf

c:\users\Tom\Taskmgr.exe

c:\windows\system32\java.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-28 )))))))))))))))))))))))))))))))

.

.

2012-01-28 02:03 . 2012-01-28 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-27 23:58 . 2012-01-27 23:58 -------- d-----w- C:\_OTL

2012-01-22 02:33 . 2012-01-22 02:33 -------- d-----w- C:\found.000

2012-01-11 11:32 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 11:32 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 11:32 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 11:32 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 11:32 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 11:32 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 11:32 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 11:32 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-01 17:25 . 2012-01-01 17:25 -------- d-----w- c:\programdata\McAfee Security Scan

2012-01-01 17:25 . 2012-01-05 01:47 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-01-01 17:25 . 2012-01-01 17:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-28 02:15 . 2010-02-10 04:50 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-10 20:24 . 2010-10-28 00:07 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-24 05:00 . 2011-12-15 00:49 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 05:26 . 2011-12-15 00:50 1197568 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:23 . 2011-12-15 00:50 57856 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-05 05:17 . 2011-12-15 00:49 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-15 00:50 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:34 . 2011-12-15 00:50 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-11-05 04:30 . 2011-12-15 00:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 04:07 . 2011-12-15 00:50 482816 ----a-w- c:\windows\system32\html.iec

2011-11-05 03:28 . 2011-12-15 00:50 386048 ----a-w- c:\windows\SysWow64\html.iec

2011-11-05 03:25 . 2011-12-15 00:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:55 . 2011-12-15 00:50 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]

"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-27 24064]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2011-07-17 202256]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Seagate Product Registration.lnk - c:\users\Tom\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe [2011-6-11 1731736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Corel Family and Friends Reminders.LNK - c:\program files (x86)\Corel\Print House Magic\cffrem.exe [2010-11-30 666112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 135664]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-01-30 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-01-30 79360]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]

R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]

R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]

R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 135664]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 PaeFireStudio;PreSonus FireStudio;c:\windows\system32\Drivers\PaeFireStudio.sys [x]

R3 PaeFireStudioAudio;PreSonus FireStudio Audio;c:\windows\system32\drivers\PaeFireStudioAudio.sys [x]

R3 PaeFireStudioMidi;PreSonus FireStudio MIDI;c:\windows\system32\drivers\PaeFireStudioMidi.sys [x]

R3 PinnacleMarvinAVS;Pinnacle AVStream Service for MovieBox Deluxe, 500-USB and 700-USB;c:\windows\system32\DRIVERS\MarvinAVS64.sys [x]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 03:10]

.

2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 03:10]

.

2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006697793-4058252577-3510014290-1000Core.job

- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-28 03:10]

.

2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4006697793-4058252577-3510014290-1000UA.job

- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-28 03:10]

.

2012-01-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4006697793-4058252577-3510014290-1000.job

- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\4imqfxt1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-RunOnce-OTL - c:\users\Tom\Desktop\OTL.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-27 21:07:15 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-28 02:07

.

Pre-Run: 640,462,532,608 bytes free

Post-Run: 643,050,749,952 bytes free

.

- - End Of File - - 7D4896463C4605C86E09B28739BEB5BB

Link to post
Share on other sites

Looks clean. Time to do a normal reboot?

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.28.04

Windows 7 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7600.16385

Tom :: MYPC [administrator]

1/28/2012 9:36:49 AM

mbam-log-2012-01-28 (09-36-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 183096

Time elapsed: 1 minute(s), 53 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

MrC,

The full scan with mbam never completed. When I returned to the machine it had rebooted and there was a McAfee window open indicated that it had found and removed 10 viruses.

However, I cannot find any log file in McAfee showing the items that it found. So I'm running a new full scan with mbam now, then I'll do another with McAfee. I will post the results shortly.

Thanks!

TMS54

Link to post
Share on other sites

Yes that's possible.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

----------------------------------

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Farbar Service Scanner and RogueKiller you can just delete them and the logs.

Any questions...please post back.

If I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.