
HDD scan trojan or virus



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!)

Post back the report.

MrC


RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User: Daniel [Admin rights]

Mode: Scan -- Date: 07/12/2012 06:28:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 17 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : hYthMVpLDEP.exe (C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe) -> FOUND

[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N040ATMR04-0 +++++

--- User ---

[MBR] b99911a5b86b35bdf282d515b936a1f7

[bSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Run RogueKiller again and click Scan > when the scan completes....

Click on the Registry tab and put a check next to these and uncheck the rest.

Now click Delete on the right hand side.

¤¤¤ Registry Entries: 17 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : hYthMVpLDEP.exe (C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe) -> FOUND

[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Let me know, post the new log, MrC


RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Safe mode with network support

User: Daniel [Admin rights]

Mode: Remove -- Date: 07/12/2012 07:20:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 17 ¤¤¤

[sUSP PATH] HKLM\[...]\Run : hYthMVpLDEP.exe (C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe) -> DELETED

[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED

[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)

[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N040ATMR04-0 +++++

--- User ---

[MBR] b99911a5b86b35bdf282d515b936a1f7

[bSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

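The helper's instruction above (check the listed Registry entries, Delete) and the Remove report that followed it are the two halves of a verification step: every entry the Scan report marked FOUND should come back DELETED or REPLACED in the Remove report. The parser below is an added example, not code from this thread or from RogueKiller; the line format is inferred from the reports quoted above, and the two sample reports are constructed from a subset of those lines (the Remove sample deliberately omits one entry so a missed item surfaces).

```python
"""Parse RogueKiller 'Registry Entries' lines and reconcile a Scan report
against the Remove report that follows it.

Added example, not part of the forum thread or of RogueKiller. The line
format is inferred from the reports quoted in the thread; the sample
reports below are constructed from a subset of those lines.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# [TAG] HIVE\[...]\Key : Name (value) -> STATUS [(new value)]
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+"
    r"(?P<key>\S+?)\s+:\s+"
    r"(?P<name>\S+)\s+\((?P<value>[^)]*)\)\s+->\s+"
    r"(?P<status>[A-Z]+)(?:\s+\((?P<new>[^)]*)\))?\s*$"
)


@dataclass(frozen=True)
class Entry:
    tag: str
    key: str
    name: str
    value: str
    status: str
    new_value: Optional[str]


def parse_entries(report: str) -> List[Entry]:
    """Return every registry-entry line of a report; other lines are ignored."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # The forum copy shows tags like "[sUSP PATH]" (forum software
            # lowercased the first letter), so tags are normalised to upper case.
            entries.append(Entry(m["tag"].upper(), m["key"], m["name"],
                                 m["value"], m["status"], m["new"]))
    return entries


def classify(e: Entry) -> str:
    """Rough triage of what an entry does, based on the keys seen in this thread."""
    if e.key.endswith("\\Run"):
        return "persistence"          # autostart of the rogue executable
    if e.name.startswith("Start_Show") or e.name == "NoDesktop" \
            or e.key.endswith("NewStartPanel"):
        return "ui-hiding"            # hides Start menu items / desktop
    if e.tag == "WALLPP":
        return "wallpaper"
    return "other"


def summary(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[classify(e)] = counts.get(classify(e), 0) + 1
    return counts


def reconcile(scan_report: str, remove_report: str) -> Tuple[List[Entry], List[Entry]]:
    """Pair each FOUND entry of the scan with its DELETED/REPLACED line in the
    remove report. Returns (fixed, unresolved); unresolved is what still needs
    attention before the machine can be called clean."""
    after = {(e.key, e.name): e for e in parse_entries(remove_report)}
    fixed, unresolved = [], []
    for e in parse_entries(scan_report):
        if e.status != "FOUND":
            continue
        r = after.get((e.key, e.name))
        if r is not None and r.status in ("DELETED", "REPLACED"):
            fixed.append(r)
        else:
            unresolved.append(e)
    return fixed, unresolved


# Constructed sample reports (subset of the lines quoted in the thread).
SCAN_REPORT = r"""
¤¤¤ Registry Entries: 5 ¤¤¤
[sUSP PATH] HKLM\[...]\Run : hYthMVpLDEP.exe (C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe) -> FOUND
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
"""

# Start_ShowRun is left out on purpose so reconcile() reports it as unresolved.
REMOVE_REPORT = r"""
¤¤¤ Registry Entries: 4 ¤¤¤
[sUSP PATH] HKLM\[...]\Run : hYthMVpLDEP.exe (C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe) -> DELETED
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> REPLACED (1)
"""

if __name__ == "__main__":
    fixed, unresolved = reconcile(SCAN_REPORT, REMOVE_REPORT)
    print("scan summary:", summary(parse_entries(SCAN_REPORT)))
    for e in fixed:
        print(f"ok      {classify(e):12} {e.name} -> {e.status} {e.new_value or ''}")
    for e in unresolved:
        print(f"MISSING {classify(e):12} {e.name} still {e.status}")
```

Run against the two real reports in the thread, every one of the 17 FOUND entries pairs with a DELETED or REPLACED line, which is the check the helper is making by asking for the new log.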

You never answered the question about why you can't post with the sick computer?

---------------------------------

Please download and run unhide:

http://www.bleepingc...opic405109.html <---unhide

-----------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OTL Extras logfile created on: 7/12/2012 7:51:58 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Daniel\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 261.03 Mb Available Physical Memory | 51.06% Memory free

1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.65% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 3.05 Gb Free Space | 8.19% Space Free | Partition Type: NTFS

Drive E: | 961.47 Mb Total Space | 941.02 Mb Free Space | 97.87% Space Free | Partition Type: FAT

Computer Name: EDLOW | User Name: Daniel | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"19540:UDP" = 19540:UDP:*:Enabled:SXUPTP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

"F:\Itunes\iTunes.exe" = F:\Itunes\iTunes.exe:*:Enabled:iTunes

"C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe" = C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe:*:Enabled:Belkin USB Print and Storage Center -- (Belkin International, Inc.)

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter

"{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 17

"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe

"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{58EDAD68-7839-42D8-A6AD-854A9ECB8224}" = FileMaker Pro 6

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{5F82271E-DFBE-405B-9C10-1B4E66C6E12E}" = iPod 2 iPod

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers

"{7CFB90B6-603B-43D5-B2B4-76DE58C5C3D3}" = USB2.0 VIDBOX NW02

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter

"{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003

"{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CCF100B8-A2FB-41AE-BB9C-86EEF3699114}" = WordPerfect Family Pack 4

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 10.37 Free Edition

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0

"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor

"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center

"BelkinDailyDj" = Belkin Daily DJ

"BelkinLabeler" = Belkin Music Labeler

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem

"getPlus®_ocx" = getPlus®_ocx

"gspec" = GlobalSpec Engineering Toolbar

"HP-LaserJet 1020 series" = LaserJet 1020 series

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller

"InstallShield_{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes

"InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher

"InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot

"Learn_to_Play_Bridge" = Learn to Play Bridge

"Learn_to_Play_Bridge_2" = Learn to Play Bridge 2

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)

"MSC" = McAfee SecurityCenter

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)

"Music Mover_is1" = Music Mover

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Photo Viewer" = Photo Viewer 2.3

"RealPlayer 12.0" = RealPlayer

"Viewpoint Manager" = Viewpoint Manager (Remove Only)

"ViewpointMediaPlayer" = Viewpoint Media Player

"Virtual Moon Altas Image Libraries" = Virtual Moon Altas Image Libraries

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"WordPerfect Family Pack 4" = WordPerfect Family Pack 4

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-1606980848-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/10/2012 8:50:16 AM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 8:50:16 AM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 8:50:16 AM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 8:50:16 AM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 8:50:16 AM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 2:52:59 PM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The server name or address could not be resolved

Error - 7/10/2012 2:53:00 PM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/10/2012 2:53:01 PM | Computer Name = EDLOW | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 7/11/2012 9:38:42 PM | Computer Name = EDLOW | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Program Files\Common Files\Wise Installation

Wizard\WIS9E897D0FF80441A3966C7BB6EB5B6BE8_4_9_11_3987.MSI is not permitted due

to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/11/2012 9:40:36 PM | Computer Name = EDLOW | Source = MsiInstaller | ID = 1008

Description = The installation of C:\Program Files\Common Files\Wise Installation

Wizard\WIS9E897D0FF80441A3966C7BB6EB5B6BE8_4_9_11_3987.MSI is not permitted due

to an error in software restriction policy processing. The object cannot be trusted.

[ System Events ]

Error - 7/12/2012 10:34:01 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:34:01 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:34:58 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:34:58 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:36:36 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:36:36 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:42:15 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:42:15 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:57:33 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/12/2012 10:57:33 AM | Computer Name = EDLOW | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >


OTL logfile created on: 7/12/2012 7:51:58 AM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\Daniel\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 261.03 Mb Available Physical Memory | 51.06% Memory free

1.22 Gb Paging File | 1.02 Gb Available in Paging File | 83.65% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 3.05 Gb Free Space | 8.19% Space Free | Partition Type: NTFS

Drive E: | 961.47 Mb Total Space | 941.02 Mb Free Space | 97.87% Space Free | Partition Type: FAT

Computer Name: EDLOW | User Name: Daniel | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/11 21:51:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe

PRC - [2011/12/06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2011/12/06 17:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010/02/17 18:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/01/13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/12/06 17:25:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2011/12/06 17:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2011/12/06 17:21:08 | 000,166,288 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2011/10/18 16:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)

SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)

SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)

SRV - [2008/04/04 10:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [On_Demand | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)

SRV - [2006/05/23 23:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)

DRV - [2011/10/15 12:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2011/10/15 12:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2011/10/15 12:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2011/10/15 12:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2011/10/15 12:16:16 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2011/10/15 12:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2011/10/15 12:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2011/10/15 12:16:16 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2011/10/15 12:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2011/10/15 12:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)

DRV - [2009/06/04 09:21:31 | 000,028,032 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucau.sys -- (SUSTUCAU)

DRV - [2009/06/04 09:21:29 | 000,047,360 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucap.sys -- (SUSTUCAP)

DRV - [2009/06/04 09:21:28 | 000,047,360 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucam.sys -- (SUSTUCAM)

DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/11/15 17:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)

DRV - [2006/06/27 18:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)

DRV - [2003/09/26 10:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2003/07/03 15:59:06 | 000,189,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2003/07/03 15:56:58 | 000,631,680 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/07/03 15:55:48 | 001,063,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2003/04/25 17:10:52 | 000,220,176 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)

DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)

DRV - [2001/12/27 08:09:14 | 000,026,404 | R--- | M] (CARDBUSs) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CB103ND5.sys -- (CB103)

DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)

DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&q={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint.com/landing/v38a.html

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.att.net/search/

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&q={searchTerms}

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\{BA816E34-70E9-4601-8F8E-7C9B02A968E7}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}&btnG=Google+Search&aq=f&oq=&rlz=1I7RNTN_en

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\VWPT: "URL" = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fxp%26instid%3DViewpointV39%5fxp

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"

FF - prefs.js..browser.search.order.1: "iMesh Web Search"

FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"

FF - prefs.js..browser.startup.homepage: "http://google.com"

FF - prefs.js..extensions.enabledItems: {9B45688B-3A9C-4906-AC73-C6E08D351932}:1.0.26

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.1.195

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3

FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/20 17:50:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/05/13 15:32:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/10 07:11:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 17:51:13 | 000,000,000 | ---D | M]

[2009/09/11 06:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Extensions

[2012/03/03 10:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\extensions

[2009/09/16 09:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/09/15 18:37:21 | 000,000,000 | ---D | M] (GlobalSpec Engineering Toolbar) -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\extensions\{9B45688B-3A9C-4906-AC73-C6E08D351932}

[2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\searchplugins\iMeshWebSearch.xml

[2012/07/11 20:40:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/06/20 17:50:15 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2009/07/07 20:10:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2012/05/13 15:32:35 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml

O1 HOSTS File: ([2003/07/16 13:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (GlobalSpec Engineering Toolbar) - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\Program Files\gspec\gspec.dll (GlobalSpec, Inc. )

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120405094917.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (GlobalSpec Engineering Toolbar) - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\Program Files\gspec\gspec.dll (GlobalSpec, Inc. )

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\Toolbar\WebBrowser: (no name) - {4A32DB77-BE7B-461B-8A3E-7FE4DCE9A594} - No CLSID value found.

O3 - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\Toolbar\WebBrowser: (GlobalSpec Engineering Toolbar) - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\Program Files\gspec\gspec.dll (GlobalSpec, Inc. )

O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186953228136 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186953171634 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5734/mcfscan.cab (McFreeScan Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D49DD321-3F93-4C8A-A300-9587960BBBEC}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\##router#Drive(A1)\Shell - "" = AutoRun

O33 - MountPoints2\##router#Drive(A1)\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\##router#Drive(A1)\Shell\AutoRun\command - "" = Z:\setupSNK.exe

O33 - MountPoints2\{41e2b4b1-598d-11df-8ac9-0014c13964f1}\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\{47f4f5e0-9f81-11df-8b1c-0014c13964f1}\Shell - "" = AutoRun

O33 - MountPoints2\{47f4f5e0-9f81-11df-8b1c-0014c13964f1}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{47f4f5e0-9f81-11df-8b1c-0014c13964f1}\Shell\AutoRun\command - "" = F:\AUTORUN\AUTORUN.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/12 06:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2012/07/12 06:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel\Desktop\RK_Quarantine

[2012/07/12 06:20:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daniel\Recent

[2012/07/12 05:40:30 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel\Desktop\dds.scr

[2012/07/12 05:30:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel\Desktop\dds.com

[2012/07/11 22:15:50 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Daniel\Desktop\unhide.exe

[2012/07/11 21:51:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe

[2012/07/11 19:25:32 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/11 18:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/07/10 07:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy

[2012/07/10 07:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2012/07/10 07:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

[2012/07/10 07:04:26 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel\Desktop\tdsskiller.exe

[2012/07/10 07:04:26 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel\Desktop\123tds.exe

[2012/07/09 23:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/09 23:59:48 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2012/07/09 22:38:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daniel\Start Menu\Programs\Administrative Tools

[2012/07/09 11:25:23 | 000,343,800 | ---- | C] (GBB) -- C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/12 07:16:50 | 001,558,016 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\RogueKiller.exe

[2012/07/12 06:23:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/12 06:22:41 | 000,064,183 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012/07/12 06:20:04 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012/07/12 06:19:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/12 06:19:44 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-1343024091-1005.job

[2012/07/12 06:19:44 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-1343024091-1004.job

[2012/07/12 06:19:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-1343024091-500.job

[2012/07/12 05:40:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel\Desktop\dds.scr

[2012/07/12 05:30:48 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel\Desktop\dds.com

[2012/07/11 22:15:57 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Daniel\Desktop\unhide.exe

[2012/07/11 21:51:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel\Desktop\OTL.exe

[2012/07/11 21:46:07 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Daniel\Desktop\SecurityCheck.exe

[2012/07/11 21:39:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC01D804-2D60-4CAE-A9C0-CE1916932B33}.job

[2012/07/11 21:37:11 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-1343024091-500.job

[2012/07/11 19:50:37 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1C35120C-9914-46CB-AF85-E3D95B67A5A5}.job

[2012/07/11 18:44:06 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/10 18:57:34 | 000,064,183 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2012/07/10 18:56:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-1343024091-1004.job

[2012/07/10 07:11:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2012/07/10 07:02:45 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel\Desktop\tdsskiller.exe

[2012/07/10 07:02:45 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel\Desktop\123tds.exe

[2012/07/10 04:18:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/09 22:31:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Daniel\defogger_reenable

[2012/07/09 18:17:07 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE

[2012/07/09 11:21:54 | 000,343,800 | ---- | M] (GBB) -- C:\Documents and Settings\All Users\Application Data\hYthMVpLDEP.exe

[2012/07/09 09:36:17 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-1343024091-1005.job

[2012/07/08 19:44:39 | 000,436,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/08 19:44:39 | 000,069,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/08 19:40:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/08 19:40:52 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/06 17:07:41 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 07:16:50 | 001,558,016 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\RogueKiller.exe

[2012/07/11 22:22:50 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch FileMaker Pro.lnk

[2012/07/11 22:22:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/07/11 22:22:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk

[2012/07/11 22:22:50 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\WinUtilities.lnk

[2012/07/11 22:22:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2012/07/11 21:45:51 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Daniel\Desktop\SecurityCheck.exe

[2012/07/10 07:12:27 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1644491937-1606980848-1343024091-500.job

[2012/07/10 07:12:27 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1644491937-1606980848-1343024091-500.job

[2012/07/10 07:11:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2012/07/09 23:59:50 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/09 22:31:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Daniel\defogger_reenable

[2012/02/18 09:44:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2010/08/20 21:05:44 | 000,075,968 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/08/04 19:01:02 | 000,008,294 | ---- | C] () -- C:\WINDOWS\extend.dat

[2010/08/04 18:32:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini

[2008/09/28 14:58:20 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE

[2008/01/18 21:15:28 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/12/27 13:58:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP100JPR.{PB

[2007/12/27 13:58:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Daniel\Application Data\PFP100JCM.{PB

========== LOP Check ==========

[2011/04/12 18:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy

[2008/10/15 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T Worldnet Service

[2008/10/15 21:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATT_TBBackup

[2010/06/07 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin

[2009/01/15 23:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2010/07/17 13:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/09/03 08:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YesVideo

[2010/05/06 20:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/06/07 10:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia\Application Data\AMS

[2010/08/29 09:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia\Application Data\GSPEC

[2010/06/06 11:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia\Application Data\imeshmediabartb

[2008/05/31 10:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cynthia\Application Data\Nikon

[2010/06/06 16:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\AMS

[2012/01/23 19:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\FileMaker

[2010/08/27 20:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\gspec

[2008/05/25 17:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Nikon

[2010/06/23 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel\Application Data\Viewpoint

[2009/09/13 12:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

[2012/07/11 19:50:37 | 000,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1C35120C-9914-46CB-AF85-E3D95B67A5A5}.job

[2012/07/11 21:39:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC01D804-2D60-4CAE-A9C0-CE1916932B33}.job

========== Purity Check ==========

< End of report >


Please go to your Control Panel's Add/Remove Programs and uninstall these:

"Viewpoint Manager"

"ViewpointMediaPlayer"

-----------------

Next.....

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....&q={searchTerms}
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint...nding/v38a.html
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.viewpoint...nding/v38a.html
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....&q={searchTerms}
    IE - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\SearchScopes\VWPT: "URL" = http://search.viewpo...ewpointV39%5fxp
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1644491937-1606980848-1343024091-1004\..\Toolbar\WebBrowser: (no name) - {4A32DB77-BE7B-461B-8A3E-7FE4DCE9A594} - No CLSID value found.
    FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
    FF - prefs.js..browser.search.order.1: "iMesh Web Search"
    FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
    FF - prefs.js..keyword.URL: "http://search.imesh....m/web?src=ffb="
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
    [2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\searchplugins\iMeshWebSearch.xml
    [2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
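The FF lines in the fix script above all target Firefox search preferences that the hijacker rewrote (default engine name, engine order, selected engine, keyword.URL). Below is an added example, not code from this thread, from OTL or from MrC, of how a defender can audit a prefs.js for the same kind of tampering before (or after) a cleanup. It parses the real `user_pref("name", value);` line format and flags search and home-page prefs whose values are outside an allowlist. The sample prefs.js, the allowlists (ALLOWED_ENGINES, ALLOWED_HOSTS) and the `search.hijacker.invalid` host are constructed for the example; the engine name "iMesh Web Search" is the one shown in the fix script.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js (not taken from the poster's machine). It carries
# the same hijacked search values the OTL fix script removes, next to benign
# prefs, so the audit has both hits and non-hits to work on.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1341964800);
user_pref("browser.search.defaultenginename", "iMesh Web Search");
user_pref("browser.search.order.1", "iMesh Web Search");
user_pref("browser.search.selectedEngine", "iMesh Web Search");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("keyword.URL", "http://search.hijacker.invalid/web?src=ffb&q=");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("xpinstall.whitelist.add", "");
'''

# One prefs.js entry per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Prefs that hold an engine display name vs. prefs that hold a URL.
ENGINE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
}
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}

# Assumed baseline for the example; a real one comes from the deployed build.
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo", "Wikipedia (en)"}
ALLOWED_HOSTS = {"google.com", "bing.com", "duckduckgo.com", "mozilla.org"}


def parse_prefs(text):
    """Return {pref_name: value} with strings unquoted, bools and ints typed."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a user_pref call
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # leave unknown literal forms untouched
        prefs[name] = value
    return prefs


def host_allowed(url, allowed_hosts):
    """True when the URL's host is an allowlisted domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def audit_search_prefs(prefs, allowed_engines=ALLOWED_ENGINES,
                       allowed_hosts=ALLOWED_HOSTS):
    """Return [(pref_name, value)] for search/home-page prefs outside the allowlist."""
    findings = []
    for name, value in sorted(prefs.items()):
        if not isinstance(value, str) or not value:
            continue  # an empty keyword.URL means "use the built-in default"
        if name in ENGINE_PREFS and value not in allowed_engines:
            findings.append((name, value))
        elif name in URL_PREFS and not host_allowed(value, allowed_hosts):
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    for name, value in audit_search_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"suspicious pref {name} = {value!r}")
```

Point it at a real profile with `parse_prefs(open(path, encoding="utf-8").read())`. The allowlist approach is deliberate: hijackers rotate engine names and hosts, so matching a blocklist of known-bad strings (as the fix script necessarily does for one machine) does not generalise, whereas "anything not on the approved list" catches the next variant too. Note that `keyword.URL` was honoured by Firefox of this thread's era but was dropped in later releases, and newer Firefox keeps the chosen engine outside prefs.js; the prefs.js line format itself is unchanged.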


All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_USERS\S-1-5-21-1644491937-1606980848-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}\ not found.

Registry key HKEY_USERS\S-1-5-21-1644491937-1606980848-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1644491937-1606980848-1343024091-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4A32DB77-BE7B-461B-8A3E-7FE4DCE9A594} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A32DB77-BE7B-461B-8A3E-7FE4DCE9A594}\ not found.

Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginename

Prefs.js: "iMesh Web Search" removed from browser.search.order.1

Prefs.js: "iMesh Web Search" removed from browser.search.selectedEngine

Prefs.js: "http://search.imesh....m/web?src=ffb=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.

File C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.

C:\Documents and Settings\Daniel\Application Data\Mozilla\Firefox\Profiles\n0peniig.default\searchplugins\iMeshWebSearch.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Cynthia

->Java cache emptied: 38097867 bytes

User: Daniel

->Java cache emptied: 40164243 bytes

User: Default User

User: LocalService

User: NetworkService

Total Java Files Cleaned = 75.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 13700308 bytes

->FireFox cache emptied: 28218746 bytes

->Flash cache emptied: 456 bytes

User: All Users

User: Cynthia

->Temp folder emptied: 9131932 bytes

->Temporary Internet Files folder emptied: 36952226 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 73364838 bytes

->Flash cache emptied: 2461 bytes

User: Daniel

->Temp folder emptied: 75902099 bytes

->Temporary Internet Files folder emptied: 11468760 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 78336624 bytes

->Flash cache emptied: 1984012 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 3651185 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 482377 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1145933 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 124038402 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 184863452 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 378100516 bytes

Total Files Cleaned = 974.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07122012_083553


Next........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
