Jump to content

I get redirected can you Help?


Recommended Posts

Hello cadmando and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not install software or hardware while we working on the machine.

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    tdss_1.jpg
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    tdss_2.jpg
  3. Click the Start Scan button.
    tdss_3.jpg
  4. If a suspicious object is detected, the default action will be Skip, click on Continue.
    tdss_4.jpg
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    tdss_5.jpg
  7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, please include:

  • TDSSKiller log
  • OTL.Txt and Extras.Txt

Link to post
Share on other sites

10:45:49.0281 3832 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36

10:45:51.0281 3832 ============================================================

10:45:51.0281 3832 Current date / time: 2012/01/30 10:45:51.0281

10:45:51.0281 3832 SystemInfo:

10:45:51.0281 3832

10:45:51.0281 3832 OS Version: 5.1.2600 ServicePack: 3.0

10:45:51.0281 3832 Product type: Workstation

10:45:51.0281 3832 ComputerName: P4

10:45:51.0281 3832 UserName: Dan Nelson

10:45:51.0281 3832 Windows directory: C:\WINDOWS

10:45:51.0281 3832 System windows directory: C:\WINDOWS

10:45:51.0281 3832 Processor architecture: Intel x86

10:45:51.0281 3832 Number of processors: 2

10:45:51.0281 3832 Page size: 0x1000

10:45:51.0281 3832 Boot type: Normal boot

10:45:51.0281 3832 ============================================================

10:45:57.0062 3832 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

10:45:57.0078 3832 \Device\Harddisk0\DR0:

10:45:57.0078 3832 MBR used

10:45:57.0078 3832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1

10:45:57.0125 3832 Initialize success

10:45:57.0125 3832 ============================================================

10:46:41.0500 2640 ============================================================

10:46:41.0500 2640 Scan started

10:46:41.0500 2640 Mode: Manual; SigCheck; TDLFS;

10:46:41.0500 2640 ============================================================

10:46:42.0390 2640 Abiosdsk - ok

10:46:42.0656 2640 abp480n5 - ok

10:46:43.0187 2640 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:46:43.0265 2640 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17

10:46:43.0265 2640 ACPI ( Virus.Win32.Rloader.a ) - infected

10:46:43.0265 2640 ACPI - detected Virus.Win32.Rloader.a (0)

10:46:43.0593 2640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:46:50.0968 2640 ACPIEC - ok

10:46:51.0265 2640 adpu160m - ok

10:46:51.0625 2640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:46:52.0156 2640 aec - ok

10:46:52.0531 2640 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

10:46:52.0984 2640 AFD - ok

10:46:53.0312 2640 Aha154x - ok

10:46:53.0593 2640 aic78u2 - ok

10:46:53.0984 2640 aic78xx - ok

10:46:54.0281 2640 AliIde - ok

10:46:54.0531 2640 amsint - ok

10:46:54.0953 2640 asc - ok

10:46:55.0203 2640 asc3350p - ok

10:46:55.0500 2640 asc3550 - ok

10:46:55.0984 2640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:46:56.0234 2640 AsyncMac - ok

10:46:56.0578 2640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:46:56.0906 2640 atapi - ok

10:46:57.0125 2640 Atdisk - ok

10:46:57.0703 2640 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

10:46:58.0546 2640 ati2mtag - ok

10:46:59.0015 2640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:46:59.0265 2640 Atmarpc - ok

10:46:59.0546 2640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:46:59.0750 2640 audstub - ok

10:47:00.0234 2640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:47:00.0453 2640 Beep - ok

10:47:00.0890 2640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:47:01.0140 2640 cbidf2k - ok

10:47:01.0406 2640 cd20xrnt - ok

10:47:01.0734 2640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:47:02.0109 2640 Cdaudio - ok

10:47:02.0468 2640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:47:02.0734 2640 Cdfs - ok

10:47:03.0187 2640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:47:03.0437 2640 Cdrom - ok

10:47:03.0812 2640 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\WINDOWS\system32\drivers\cfwids.sys

10:47:04.0265 2640 cfwids - ok

10:47:04.0562 2640 Changer - ok

10:47:04.0968 2640 CmdIde - ok

10:47:05.0281 2640 Cpqarray - ok

10:47:05.0640 2640 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

10:47:06.0000 2640 ctsfm2k - ok

10:47:06.0343 2640 dac2w2k - ok

10:47:06.0640 2640 dac960nt - ok

10:47:07.0109 2640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:47:07.0359 2640 Disk - ok

10:47:08.0156 2640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:47:08.0953 2640 dmboot - ok

10:47:09.0281 2640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:47:09.0609 2640 dmio - ok

10:47:10.0062 2640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:47:10.0265 2640 dmload - ok

10:47:10.0609 2640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:47:10.0906 2640 DMusic - ok

10:47:11.0171 2640 dpti2o - ok

10:47:11.0453 2640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:47:11.0671 2640 drmkaud - ok

10:47:12.0234 2640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:47:12.0546 2640 Fastfat - ok

10:47:13.0031 2640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:47:13.0281 2640 Fdc - ok

10:47:13.0578 2640 FETNDISB (e7ca05fdefd199492a45c7a784143b20) C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys

10:47:13.0656 2640 FETNDISB - ok

10:47:14.0203 2640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:47:14.0515 2640 Fips - ok

10:47:14.0968 2640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:47:15.0218 2640 Flpydisk - ok

10:47:15.0578 2640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:47:15.0921 2640 FltMgr - ok

10:47:16.0250 2640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:47:16.0468 2640 Fs_Rec - ok

10:47:16.0796 2640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:47:17.0265 2640 Ftdisk - ok

10:47:17.0625 2640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:47:17.0890 2640 Gpc - ok

10:47:18.0187 2640 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:47:18.0421 2640 hidusb - ok

10:47:18.0718 2640 hpn - ok

10:47:19.0250 2640 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

10:47:19.0453 2640 HPZid412 - ok

10:47:19.0921 2640 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

10:47:20.0078 2640 HPZipr12 - ok

10:47:20.0437 2640 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

10:47:20.0859 2640 HPZius12 - ok

10:47:21.0359 2640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:47:21.0546 2640 HTTP - ok

10:47:21.0984 2640 i2omgmt - ok

10:47:22.0281 2640 i2omp - ok

10:47:22.0625 2640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:47:22.0906 2640 i8042prt - ok

10:47:23.0265 2640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:47:23.0531 2640 Imapi - ok

10:47:23.0921 2640 ini910u - ok

10:47:24.0296 2640 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:47:24.0546 2640 IntelIde - ok

10:47:25.0000 2640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

10:47:25.0234 2640 intelppm - ok

10:47:25.0625 2640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:47:25.0906 2640 Ip6Fw - ok

10:47:26.0250 2640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:47:26.0484 2640 IpFilterDriver - ok

10:47:26.0968 2640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:47:27.0218 2640 IpInIp - ok

10:47:27.0578 2640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:47:27.0921 2640 IpNat - ok

10:47:28.0265 2640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:47:28.0531 2640 IPSec - ok

10:47:28.0968 2640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:47:29.0218 2640 IRENUM - ok

10:47:29.0562 2640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:47:29.0812 2640 isapnp - ok

10:47:30.0281 2640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:47:30.0515 2640 Kbdclass - ok

10:47:30.0984 2640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:47:31.0281 2640 kmixer - ok

10:47:31.0703 2640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:47:32.0000 2640 KSecDD - ok

10:47:32.0421 2640 lbrtfdc - ok

10:47:33.0046 2640 mfeapfk (36b47b1e9c537f8f2b4481084b8f7d22) C:\WINDOWS\system32\drivers\mfeapfk.sys

10:47:33.0312 2640 mfeapfk - ok

10:47:33.0703 2640 mfeavfk (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys

10:47:34.0062 2640 mfeavfk - ok

10:47:34.0390 2640 mfeavfk01 - ok

10:47:34.0734 2640 mfebopk (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys

10:47:35.0125 2640 mfebopk - ok

10:47:35.0546 2640 mfefirek (215666a8a85023ef019b510cbb67f678) C:\WINDOWS\system32\drivers\mfefirek.sys

10:47:36.0015 2640 mfefirek - ok

10:47:36.0484 2640 mfehidk (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys

10:47:37.0343 2640 mfehidk - ok

10:47:37.0718 2640 mfendisk (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:47:38.0109 2640 mfendisk - ok

10:47:38.0171 2640 mfendiskmp (62acda4e958e2a392557ba3c6c754a58) C:\WINDOWS\system32\DRIVERS\mfendisk.sys

10:47:38.0203 2640 mfendiskmp - ok

10:47:38.0562 2640 mferkdet (89b564d63c53fc0c6782ab07eea63acf) C:\WINDOWS\system32\drivers\mferkdet.sys

10:47:38.0750 2640 mferkdet - ok

10:47:39.0203 2640 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys

10:47:39.0234 2640 mferkdk - ok

10:47:39.0609 2640 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys

10:47:40.0000 2640 mfesmfk - ok

10:47:40.0406 2640 mfetdi2k (922e64ca38e38106498fb3435a8e399d) C:\WINDOWS\system32\drivers\mfetdi2k.sys

10:47:40.0453 2640 mfetdi2k - ok

10:47:40.0781 2640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:47:41.0171 2640 mnmdd - ok

10:47:41.0468 2640 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys

10:47:41.0500 2640 MOBKFilter - ok

10:47:41.0765 2640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:47:42.0109 2640 Modem - ok

10:47:42.0359 2640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:47:42.0625 2640 Mouclass - ok

10:47:43.0015 2640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:47:43.0281 2640 mouhid - ok

10:47:43.0531 2640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:47:43.0781 2640 MountMgr - ok

10:47:44.0312 2640 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys

10:47:44.0390 2640 MPFP - ok

10:47:44.0718 2640 mraid35x - ok

10:47:45.0265 2640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:47:45.0625 2640 MRxDAV - ok

10:47:46.0296 2640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:47:47.0125 2640 MRxSmb - ok

10:47:47.0437 2640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:47:47.0687 2640 Msfs - ok

10:47:48.0093 2640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:47:48.0328 2640 MSKSSRV - ok

10:47:48.0609 2640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:47:48.0921 2640 MSPCLOCK - ok

10:47:49.0250 2640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:47:49.0515 2640 MSPQM - ok

10:47:49.0796 2640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:47:50.0125 2640 mssmbios - ok

10:47:50.0468 2640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

10:47:50.0859 2640 Mup - ok

10:47:51.0328 2640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:47:51.0656 2640 NDIS - ok

10:47:52.0062 2640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:47:52.0359 2640 NdisTapi - ok

10:47:52.0703 2640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:47:52.0953 2640 Ndisuio - ok

10:47:53.0265 2640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:47:53.0531 2640 NdisWan - ok

10:47:54.0109 2640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

10:47:54.0421 2640 NDProxy - ok

10:47:54.0781 2640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:47:55.0125 2640 NetBIOS - ok

10:47:55.0468 2640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:47:55.0765 2640 NetBT - ok

10:47:56.0093 2640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:47:56.0343 2640 Npfs - ok

10:47:56.0859 2640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:47:57.0484 2640 Ntfs - ok

10:47:57.0812 2640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:47:58.0046 2640 Null - ok

10:47:58.0343 2640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:47:58.0609 2640 NwlnkFlt - ok

10:47:59.0000 2640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:47:59.0265 2640 NwlnkFwd - ok

10:47:59.0703 2640 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

10:47:59.0968 2640 ossrv - ok

10:48:00.0656 2640 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys

10:48:01.0218 2640 P17 - ok

10:48:01.0609 2640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:48:01.0906 2640 Parport - ok

10:48:02.0187 2640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:48:02.0421 2640 PartMgr - ok

10:48:02.0734 2640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:48:02.0953 2640 ParVdm - ok

10:48:03.0296 2640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:48:03.0546 2640 PCI - ok

10:48:03.0875 2640 PCIDump - ok

10:48:04.0171 2640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

10:48:04.0406 2640 PCIIde - ok

10:48:04.0781 2640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:48:05.0046 2640 Pcmcia - ok

10:48:05.0312 2640 PDCOMP - ok

10:48:05.0578 2640 PDFRAME - ok

10:48:05.0890 2640 PDRELI - ok

10:48:06.0203 2640 PDRFRAME - ok

10:48:06.0484 2640 perc2 - ok

10:48:06.0812 2640 perc2hib - ok

10:48:07.0140 2640 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys

10:48:07.0203 2640 PfModNT - ok

10:48:07.0578 2640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:48:07.0843 2640 PptpMiniport - ok

10:48:08.0140 2640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:48:08.0406 2640 PSched - ok

10:48:08.0718 2640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:48:08.0953 2640 Ptilink - ok

10:48:09.0281 2640 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:48:09.0312 2640 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

10:48:09.0312 2640 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

10:48:09.0593 2640 ql1080 - ok

10:48:09.0906 2640 Ql10wnt - ok

10:48:10.0218 2640 ql12160 - ok

10:48:10.0515 2640 ql1240 - ok

10:48:10.0859 2640 ql1280 - ok

10:48:11.0171 2640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:48:11.0406 2640 RasAcd - ok

10:48:11.0984 2640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:48:12.0250 2640 Rasl2tp - ok

10:48:12.0593 2640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:48:12.0859 2640 RasPppoe - ok

10:48:13.0187 2640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:48:13.0421 2640 Raspti - ok

10:48:13.0812 2640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:48:14.0125 2640 Rdbss - ok

10:48:14.0468 2640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:48:14.0671 2640 RDPCDD - ok

10:48:15.0046 2640 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

10:48:15.0515 2640 RDPWD - ok

10:48:15.0859 2640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:48:16.0109 2640 redbook - ok

10:48:16.0437 2640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:48:16.0703 2640 Secdrv - ok

10:48:17.0000 2640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:48:17.0265 2640 serenum - ok

10:48:17.0562 2640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:48:17.0859 2640 Serial - ok

10:48:18.0156 2640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:48:18.0343 2640 Sfloppy - ok

10:48:18.0578 2640 Simbad - ok

10:48:18.0984 2640 Sparrow - ok

10:48:19.0218 2640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:48:19.0390 2640 splitter - ok

10:48:19.0687 2640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:48:19.0953 2640 sr - ok

10:48:20.0343 2640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

10:48:20.0734 2640 Srv - ok

10:48:21.0140 2640 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

10:48:21.0484 2640 StillCam - ok

10:48:21.0765 2640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:48:22.0031 2640 swenum - ok

10:48:22.0281 2640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:48:22.0468 2640 swmidi - ok

10:48:22.0718 2640 symc810 - ok

10:48:23.0046 2640 symc8xx - ok

10:48:23.0281 2640 sym_hi - ok

10:48:23.0515 2640 sym_u3 - ok

10:48:23.0796 2640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:48:24.0093 2640 sysaudio - ok

10:48:24.0468 2640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:48:24.0734 2640 Tcpip - ok

10:48:25.0125 2640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:48:25.0312 2640 TDPIPE - ok

10:48:25.0578 2640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:48:25.0750 2640 TDTCP - ok

10:48:26.0125 2640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:48:26.0390 2640 TermDD - ok

10:48:26.0625 2640 TosIde - ok

10:48:27.0031 2640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:48:27.0218 2640 Udfs - ok

10:48:27.0437 2640 ultra - ok

10:48:27.0906 2640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:48:28.0296 2640 Update - ok

10:48:28.0578 2640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:48:28.0750 2640 usbccgp - ok

10:48:29.0140 2640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

10:48:29.0328 2640 usbehci - ok

10:48:29.0609 2640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:48:29.0937 2640 usbhub - ok

10:48:30.0203 2640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:48:30.0390 2640 usbprint - ok

10:48:30.0625 2640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:48:30.0906 2640 usbscan - ok

10:48:31.0187 2640 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:48:31.0421 2640 USBSTOR - ok

10:48:31.0656 2640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:48:31.0921 2640 usbuhci - ok

10:48:32.0171 2640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:48:32.0359 2640 VgaSave - ok

10:48:32.0609 2640 ViaIde - ok

10:48:33.0015 2640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:48:33.0203 2640 VolSnap - ok

10:48:33.0484 2640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:48:33.0671 2640 Wanarp - ok

10:48:34.0031 2640 WDICA - ok

10:48:34.0296 2640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:48:34.0500 2640 wdmaud - ok

10:48:34.0937 2640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:48:35.0062 2640 WudfPf - ok

10:48:35.0359 2640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:48:35.0421 2640 WudfRd - ok

10:48:35.0453 2640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

10:48:35.0921 2640 \Device\Harddisk0\DR0 - ok

10:48:35.0921 2640 Boot (0x1200) (5f217cc5f550daf7c6aa600a71c29819) \Device\Harddisk0\DR0\Partition0

10:48:35.0921 2640 \Device\Harddisk0\DR0\Partition0 - ok

10:48:35.0921 2640 ============================================================

10:48:35.0921 2640 Scan finished

10:48:35.0921 2640 ============================================================

10:48:36.0031 1236 Detected object count: 2

10:48:36.0031 1236 Actual detected object count: 2

10:51:16.0171 1236 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine

10:51:22.0187 1236 Backup copy found, using it..

10:51:22.0281 1236 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot

10:51:22.0281 1236 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure

10:51:22.0281 1236 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

10:51:22.0281 1236 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

10:52:21.0125 2524 Deinitialize success

=============================================================================

OTL logfile created on: 1/30/2012 11:41:46 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dan Nelson\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.80% Memory free

2.60 Gb Paging File | 2.10 Gb Available in Paging File | 80.55% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 270.86 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Computer Name: P4 | User Name: Dan Nelson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 11:40:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Nelson\Desktop\OTL.exe

PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

PRC - [2011/02/07 15:42:10 | 000,477,560 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe

PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2010/12/14 06:31:12 | 000,184,552 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe

PRC - [2010/02/05 20:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe

PRC - [2009/09/16 15:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2003/09/17 09:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

========== Modules (No Company Name) ==========

MOD - [2012/01/25 10:48:13 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

MOD - [2012/01/25 10:18:30 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2012/01/25 10:18:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2010/02/05 20:14:42 | 000,077,624 | ---- | M] () -- C:\Program Files\McAfee Online Backup\librs2.dll

MOD - [2008/11/05 10:45:17 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll

MOD - [2004/06/10 08:51:20 | 000,060,928 | R--- | M] () -- C:\WINDOWS\system32\P17.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/06/23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/02/05 20:14:42 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)

SRV - [2009/09/16 15:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2009/03/16 12:29:28 | 006,562,432 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)

SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)

SRV - [2007/08/08 23:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

========== Driver Services (SafeList) ==========

DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 13:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/10/15 13:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/02/05 20:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)

DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2005/07/01 15:48:42 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)

DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/06/09 09:16:44 | 000,840,960 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2003/09/22 05:48:06 | 000,130,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/09/22 05:47:38 | 000,178,672 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/03/05 09:19:28 | 000,015,840 | R--- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-725345543-413027322-2147145749-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-725345543-413027322-2147145749-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/01/23 12:22:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/30 11:01:27 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2012/01/18 09:49:08 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111230103813.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [updReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: noaa.gov ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: twitter.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-725345543-413027322-2147145749-1004\..Trusted Domains: weather.gov ([radar] http in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://maps.cityofre...et/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221313917948 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1222792581125 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...561/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41122374-1F6D-41BC-BAE1-B7D6E8CAFB46}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Dan Nelson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dan Nelson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/13 05:17:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3d6a31ef-c959-11dd-98a9-001346996eec}\Shell - "" = AutoRun

O33 - MountPoints2\{3d6a31ef-c959-11dd-98a9-001346996eec}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3d6a31ef-c959-11dd-98a9-001346996eec}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 11:40:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan Nelson\Desktop\OTL.exe

[2012/01/30 10:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2012/01/30 10:51:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/01/30 10:45:05 | 002,059,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Nelson\Desktop\tdsskiller.exe

[2012/01/27 11:59:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Dan Nelson\Desktop\dds.scr

[2012/01/27 11:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Nelson\Application Data\Malwarebytes

[2012/01/27 11:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/27 11:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/01/27 11:22:46 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/01/27 11:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/25 10:12:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/18 14:43:09 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

[2008/09/15 11:47:27 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 11:40:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan Nelson\Desktop\OTL.exe

[2012/01/30 11:38:04 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Dan Nelson\Desktop\Microsoft Office Outlook 2003.lnk

[2012/01/30 11:34:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/30 10:59:56 | 000,505,220 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/30 10:59:56 | 000,089,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/30 10:59:03 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk

[2012/01/30 10:55:37 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/30 10:55:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/30 10:45:20 | 002,059,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Dan Nelson\Desktop\tdsskiller.exe

[2012/01/29 14:26:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/01/27 12:10:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Dan Nelson\Desktop\gmer.exe

[2012/01/27 12:09:17 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Dan Nelson\Desktop\gmer.zip

[2012/01/27 11:59:23 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Dan Nelson\Desktop\dds.scr

[2012/01/27 11:22:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/25 10:28:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/01/25 09:56:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/25 09:08:31 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Dan Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk

[2012/01/23 12:22:45 | 000,003,568 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap

[2012/01/18 09:49:08 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/01/15 01:07:53 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job

[2012/01/11 12:50:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Dan Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/01/04 09:43:28 | 000,001,641 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr

[2012/01/03 15:00:13 | 000,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google SketchUp 8.lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/27 12:10:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Dan Nelson\Desktop\gmer.exe

[2012/01/27 12:09:15 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Dan Nelson\Desktop\gmer.zip

[2012/01/27 11:22:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2010/12/18 15:35:09 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe

[2010/12/02 06:49:04 | 000,310,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/09/16 10:55:07 | 000,116,956 | ---- | C] () -- C:\WINDOWS\hpoins11.dat

[2010/08/10 13:13:48 | 002,335,292 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-413027322-2147145749-1004-0.dat

[2010/08/10 13:13:45 | 000,155,322 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2009/11/09 14:31:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/12/17 13:02:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/11/26 12:14:34 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Dan Nelson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/05 10:59:48 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2008/11/05 10:45:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2008/11/05 10:45:17 | 000,000,124 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2008/10/06 09:11:59 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2008/10/06 09:11:43 | 000,000,162 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2008/10/06 09:10:49 | 000,000,815 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2008/09/22 10:59:20 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\imgpdf2.dll

[2008/09/19 12:15:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI

[2008/09/16 16:04:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dan Nelson\Application Data\winscp.rnd

[2008/09/16 12:09:23 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini

[2008/09/15 12:06:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/09/15 11:48:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2008/09/15 11:48:00 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI

[2008/09/15 11:47:58 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT

[2008/09/15 11:47:28 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2008/09/15 11:47:28 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2008/09/15 11:47:26 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll

[2008/09/15 11:47:26 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2008/09/15 09:06:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2008/09/15 08:49:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

[2008/09/13 05:19:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008/09/13 05:15:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2008/09/12 23:10:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/09/12 23:08:49 | 000,164,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/07/31 20:21:05 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

[2008/07/31 19:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[2008/07/31 19:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2008/07/31 19:59:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2008/06/23 05:47:40 | 000,174,820 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2006/05/05 13:18:56 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat

[2004/09/22 10:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/09/17 16:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2004/08/12 06:11:42 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 06:11:41 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 06:04:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 06:03:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 06:03:20 | 000,505,220 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/12 06:03:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 06:03:19 | 000,089,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/12 06:02:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/12 05:59:52 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 05:59:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 05:57:10 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 05:56:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

================================================

OTL Extras logfile created on: 1/30/2012 11:41:46 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dan Nelson\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.80% Memory free

2.60 Gb Paging File | 2.10 Gb Available in Paging File | 80.55% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 298.08 Gb Total Space | 270.86 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Computer Name: P4 | User Name: Dan Nelson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173)

"C:\Program Files\Namo\WebEditor 8 Trial\bin\WebEditor.exe" = C:\Program Files\Namo\WebEditor 8 Trial\bin\WebEditor.exe:*:Enabled:Namo WebEditor 8

"D:\setup\HPZNET01.EXE" = D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe

"D:\setup\HPONICIFS01.EXE" = D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe

"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe

"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe

"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4

"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29

"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{474A21E3-EC39-4051-9ACA-79AFCABD5D45}" = Microsoft Expression Web 3 SP2

"{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}" = Google SketchUp 8

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4

"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI

"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A

"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+

"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit

"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup

"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan

"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2

"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA

"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA

"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"All ATI Software" = ATI - Software Uninstall Utility

"Any Video Converter_is1" = Any Video Converter 2.7.1

"ATI Display Driver" = ATI Display Driver

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Dell_HostCD" = Dell Printer Software Uninstall

"Design_7.0.20516.0" = Microsoft Expression Design 4

"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4

"Google Updater" = Google Updater

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{C71A1FD7-EB23-45AA-A9AA-8DFEC0881875}" = 530TX+

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSC" = McAfee Total Protection

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Pdf995" = Pdf995

"PdfEdit995" = PdfEdit995

"REScheck 4.3.0" = REScheck 4.3.0

"Signature995" = Signature995

"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter

"WampServer 2_is1" = WampServer 2.0

"Web_3.0.3816.0" = Microsoft Expression Web 3

"Web_4.0.1303.0" = Microsoft Expression Web 4

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"winscp3_is1" = WinSCP 4.1.6

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-413027322-2147145749-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/27/2012 11:00:22 AM | Computer Name = P4 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download....authrootseq.txt>

with error: The server name or address could not be resolved

Error - 1/27/2012 12:00:27 PM | Computer Name = P4 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download....authrootseq.txt>

with error: This network connection does not exist.

Error - 1/27/2012 12:00:27 PM | Computer Name = P4 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download....authrootseq.txt>

with error: The server name or address could not be resolved

Error - 1/27/2012 12:07:57 PM | Computer Name = P4 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download....authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 1/30/2012 3:05:22 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2012 3:05:26 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2012 3:22:15 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2012 3:37:54 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2012 3:37:56 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/30/2012 3:37:58 PM | Computer Name = P4 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 1/25/2012 4:09:02 PM | Computer Name = P4 | Source = Service Control Manager | ID = 7031

Description = The McAfee Anti-Spam Service service terminated unexpectedly. It

has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Restart the service.

Error - 1/27/2012 5:29:48 PM | Computer Name = P4 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/27/2012 5:29:49 PM | Computer Name = P4 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/27/2012 5:30:02 PM | Computer Name = P4 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/27/2012 5:30:08 PM | Computer Name = P4 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/27/2012 5:36:20 PM | Computer Name = P4 | Source = atapi | ID = 262153

Description = The device, \Device\Ide\IdePort1, did not respond within the timeout

period.

Error - 1/27/2012 5:36:20 PM | Computer Name = P4 | Source = atapi | ID = 262155

Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 1/30/2012 10:58:20 AM | Computer Name = P4 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

Error - 1/30/2012 2:55:51 PM | Computer Name = P4 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring

the volume.

Error - 1/30/2012 2:56:01 PM | Computer Name = P4 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

PCIIde

< End of report >

Here you go. Thanks for looking.

Link to post
Share on other sites

ComboFix 12-01-30.02 - Dan Nelson 01/30/2012 16:57:16.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -8:00]

Running from: c:\documents and settings\Dan Nelson\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\windows\settings.reg

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))

.

.

2012-01-30 18:51 . 2012-01-30 18:51 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-27 19:23 . 2012-01-27 19:23 -------- d-----w- c:\documents and settings\Dan Nelson\Application Data\Malwarebytes

2012-01-27 19:22 . 2012-01-27 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-01-27 19:22 . 2012-01-27 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-27 19:22 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-25 17:30 . 2003-11-11 02:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-01-25 17:30 . 2003-11-11 02:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll

2012-01-25 17:30 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll

2012-01-25 17:30 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll

2012-01-25 17:30 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll

2012-01-25 17:30 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe

2012-01-25 17:30 . 2012-01-25 17:30 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll

2012-01-25 17:30 . 2012-01-25 17:30 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 18:53 . 2004-08-12 13:55 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2011-11-25 21:57 . 2004-08-12 14:09 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2004-08-12 14:09 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2004-08-12 14:03 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-17 18:01 . 2011-11-17 18:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-11-17 18:01 . 2011-11-17 18:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-16 14:21 . 2004-08-12 14:09 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2004-08-12 14:04 152064 ----a-w- c:\windows\system32\schannel.dll

2011-11-04 19:20 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2004-08-12 13:57 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:28 . 2004-08-12 14:03 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-11-03 15:28 . 2004-08-12 14:03 386048 ----a-w- c:\windows\system32\qdvd.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]

@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"

[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]

2010-02-06 04:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]

@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"

[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]

2010-02-06 04:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]

@="{b4caf489-1eec-c617-49ad-8d7088598c06}"

[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]

2010-02-06 04:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]

"P17Helper"="P17.dll" [2004-06-10 60928]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1318816]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=

"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/22/2010 12:28 PM 89792]

R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [4/22/2010 12:30 PM 54776]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/22/2010 12:28 PM 214904]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/22/2010 12:28 PM 214904]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/22/2010 12:28 PM 214904]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/22/2010 12:28 PM 160608]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/22/2010 12:28 PM 150856]

R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2/5/2010 8:14 PM 229688]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/22/2010 12:28 PM 57600]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/22/2010 12:28 PM 338176]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/22/2010 12:28 PM 83856]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2009 1:42 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2009 1:42 PM 135664]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/22/2010 12:28 PM 83856]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/22/2010 12:28 PM 87656]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 14:51]

.

2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 21:42]

.

2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-01 21:42]

.

2012-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-01 19:22]

.

2011-12-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-01 19:22]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: noaa.gov\www

Trusted Zone: twitter.com

Trusted Zone: weather.gov\radar

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-49537968.sys

AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-30 17:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2012-01-30 17:09:19

ComboFix-quarantined-files.txt 2012-01-31 01:09

.

Pre-Run: 291,590,307,840 bytes free

Post-Run: 291,546,132,480 bytes free

.

- - End Of File - - 9C1853C8898FAB71F3B65AADBB5772E0

Link to post
Share on other sites

Looks good. :)

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates. If an update is found, it will download and install the latest version. If you already have difficulty, for your convenience we have video on YouTube, which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Next,

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Please include both logs in your next reply.

Link to post
Share on other sites

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.31.08

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Dan Nelson :: P4 [administrator]

1/31/2012 12:38:51 PM

mbam-log-2012-01-31 (12-38-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 169738

Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1e9d2526e6ce1f4e97446a99794cc27e

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-31 10:35:48

# local_time=2012-01-31 02:35:48 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=5121 16776549 100 75 6184070 28415958 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=100625

# found=0

# cleaned=0

# scan_time=6054

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.