Lesli Posted March 1, 2010 ID:208011 Share Posted March 1, 2010 (edited) Hello....Please advise, I have followed the instructions on the forum. DDS (Ver_09-12-01.01) - NTFSx86 Run by Lesli at 21:17:12.10 on Sun 02/28/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.406 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exesvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\Program Files\Dell\QuickSet\NICCONFIGSVC.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\DOCUME~1\Lesli\LOCALS~1\Temp\clclean.0001C:\Program Files\Canon\CAL\CALMAIN.exeC:\Program Files\McAfee\MBK\McAfeeDataBackup.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Creative\MediaSource\Detector\CTDetect.exeC:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Digital Line Detect\DLG.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeC:\Documents and Settings\Lesli\Local Settings\Temporary Internet Files\Content.IE5\CVXD0E9L\dds[1].scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.aol.com/?src=aimuSearch Bar = uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=usuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.local;<local>uInternet Settings,ProxyServer = http=localhost:7171uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%suURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dlluURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllmURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dllBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dllBHO: {78243423-cf27-43ae-8ef8-13028b6506f5} - c:\windows\system32\mvakafr.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dllBHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dllTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllEB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No FileuRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exeuRun: [setDefaultMIDI] MIDIDef.exeuRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /RuRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduleruRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\mri3uxib.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\mhwf25u5.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\c1ojgzk7.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\4lmfclyj.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\1yps160x.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\vz2ftjv2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\vf9sjrp1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\s6os2b7v.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\qm6ydax8.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\gyidzd1h.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\ec3r0sck.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\beglbnru.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\8yi9m1hz.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\6rn718vf.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\5nx0u5o2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\2jmll29m.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\1q6gf015.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh! c:\docume~1\lesli\locals~1\temp\cl981e~1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\vz2ftjv2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\vf9sjrp1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\s6os2b7v.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\qm6ydax8.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\gyidzd1h.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\ec3r0sck.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\beglbnru.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\8yi9m1hz.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\6rn718vf.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\5nx0u5o2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\2jmll29m.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\1q6gf015.sh! c:\docume~1\lesli\locals~1\temp\CLCLEA~1.SH!mRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exemRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/WirelessmRun: [sigmatelSysTrayApp] stsystra.exemRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMonmRun: [updReg] c:\windows\UpdReg.EXEmRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /rmRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\2.bin\MWSBAR.DLL,SmRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hidemRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exedPolicies-system: DisableRegistryTools = 1 (0x1)IE: &Search - ?p=ZCfox000IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exeIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLLTrusted Zone: amaena.comTrusted Zone: avsystemcare.comTrusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: microsoft.com\officeTrusted Zone: onerateld.comTrusted Zone: safetydownload.comTrusted Zone: trustedantivirus.comTrusted Zone: virusschlacht.comTrusted Zone: amaena.comTrusted Zone: avsystemcare.comTrusted Zone: onerateld.comTrusted Zone: safetydownload.comTrusted Zone: trustedantivirus.comTrusted Zone: virusschlacht.comDPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cabDPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267275016754DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267275785807DPF: {7ec816d4-6fc3-4c58-a7da-a770ee461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cabDPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cabDPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabDPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllNotify: igfxcui - igfxdev.dllNotify: trilnkwp - mvakafr.dllNotify: wvutqnl - wvutqnl.dllAppInit_DLLs: c:\progra~1\manson\liser.dllLSA: Authentication Packages = msv1_0 c:\windows\system32\jkkli.dll============= SERVICES / DRIVERS ===============R0 atvtliik;atvtliik;c:\windows\system32\drivers\atvtliik.sys [2004-8-10 23424]R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-7 214664]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-10 93320]R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-10 359952]R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-10 144704]R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-10 606736]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-7 79816]R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-7 35272]R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-7 40552]S1 63aa8b10;63aa8b10;c:\windows\system32\drivers\63aa8b10.sys --> c:\windows\system32\drivers\63aa8b10.sys [?]S1 e01bf75e;e01bf75e;c:\windows\system32\drivers\e01bf75e.sys [2009-6-9 0]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-7 34248]=============== Created Last 30 ================2010-03-01 02:10:39 0 ----a-w- c:\documents and settings\lesli\defogger_reenable2010-02-27 14:46:25 0 d-----w- c:\docume~1\lesli\applic~1\Malwarebytes2010-02-27 14:46:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-02-27 14:46:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-02-27 14:46:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2010-02-27 14:46:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-02-27 12:58:48 236 ----a-w- c:\documents and settings\lesli\register.bat2010-02-23 11:57:02 0 d-----w- c:\program files\iPod2010-02-23 11:56:16 0 d-----w- c:\program files\iTunes2010-02-23 05:12:33 256 ----a-w- c:\windows\system32\pool.bin2010-02-13 17:30:03 0 d-----w- c:\docume~1\lesli\applic~1\McAfee2010-02-13 11:12:14 0 d-sh--w- c:\documents and settings\lesli\IECompatCache==================== Find3M ====================2007-11-21 00:43:24 491059 --sha-w- c:\windows\system32\acbeg.ini22008-03-06 00:42:18 88 --sh--r- c:\windows\system32\E4F206FC12.sys2008-04-24 14:26:24 405540 --sha-w- c:\windows\system32\ilkkj.ini22008-03-06 00:42:21 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys2008-03-12 00:55:47 291498 --sha-w- c:\windows\system32\qtutv.ini22009-06-12 19:08:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061220090613\index.dat2009-06-14 17:25:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061420090615\index.dat============= FINISH: 21:19:14.14 ===============Malwarebytes' Anti-Malware 1.44Database version: 3800Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187022/28/2010 8:16:26 AMmbam-log-2010-02-28 (08-16-26).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 222909Time elapsed: 1 hour(s), 23 minute(s), 52 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\trilnkwp (Trojan.Vundo.H) -> Delete on reboot.HKEY_CLASSES_ROOT\CLSID\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:c:\WINDOWS\system32\mvakafr.dll (Trojan.Vundo.H) -> Delete on reboot. Please help I can't get rid of this kouewenz.dll! GMER log GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-03-01 06:07:45Windows 5.1.2600 Service Pack 3Running: b0cpmph5[1].exe; Driver: C:\DOCUME~1\Lesli\LOCALS~1\Temp\kwloapoc.sys---- System - GMER 1.0.15 ----Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA13178A]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA131821]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA131738]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA13174C]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA131835]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA131861]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA1318CF]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA1318B9]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1317CA]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1318FB]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA13180D]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA131710]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA131724]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA13179E]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA131937]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1318A3]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA13188D]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA13184B]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA131923]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA13190F]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA131776]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA131762]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA131877]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1317F9]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1318E5]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1317E0]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1317B4]Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFileCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSectionCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcessCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThreadCode \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess---- Devices - GMER 1.0.15 ----AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)Device \FileSystem\Fastfat \Fat A863DD20AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)---- EOF - GMER 1.0.15 ----ATTACH.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH ITDDS (Ver_09-12-01.01)Microsoft Windows XP Home EditionBoot Device: \Device\HarddiskVolume2Install Date: 7/31/2006 3:45:16 PMSystem Uptime: 2/28/2010 9:12:52 PM (0 hours ago)Motherboard: Dell Inc. | | 0KD882Processor: Genuine Intel Edited March 9, 2010 by Maurice Naggar Merged 2nd post into 1st & place logs In-line Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 9, 2010 ID:212081 Share Posted March 9, 2010 Hello Lesli,It would appear that your case was overlooked. What may have contributed to that was your posting a 2nd post before a helper had replied to you.Threads with a response greater than zero give the impression that you are being helped.Please follow my guidance.You will want to print out or copy these instructions to Notepad for offline reference!If you are a casual viewer, do NOT try this on your system! If you are not Lesli and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Step 3Take out the trash (temporary files & temporary internet files) Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.Start ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser, do this also:Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. ATF-Cleaner should be run per the above in every user-login account {User Profile} Step 3Disable temporarily your antivirus program. Use the following as a guide. Do NOT turn off the firewallHow To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsStep 4Download The Avenger by Swandog46 from here.Unzip/extract it to a folder on your desktop.Double click on avenger.exe to run The Avenger.Click OK.Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.Drivers to disable:trilnkwpwvutqnlDrivers to delete:trilnkwpwvutqnlFiles to delete:c:\windows\system32\jkkli.dllc:\program files\manson\liser.dllc:\windows\system32\mvakafr.dllc:\windows\system32\wvutqnl.dllFolders to delete:C:\recyclerD:\recyclere:\recyclerf:\recyclerg:\recyclerh:\recyclerIn the avenger window, click the Paste Script from Clipboard icon, button. Make sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.Click the Execute button.You will be asked Are you sure you want to execute the current script?.Click Yes.You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.Click Yes.Your PC will now be rebooted.Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.and then reboot the system again.Step 5Start MBAM and do a full scan.Step 6Reply with the C:\Avenger.txtand the latest MBAM scan logThere will be much much more to do later.BTW, do NOT surf the web, nor play online games. Just go to this forum & the sites I guide you to.Do NOT use the attach feature to upload your log reports !! Always Copy & Paste them into main body of reply box.Use single or multiple posts as needed. Just do not attach unless asked by me. Thanks. Link to post Share on other sites More sharing options...
Lesli Posted March 11, 2010 Author ID:212948 Share Posted March 11, 2010 Hi Maurice,I hit a snag with the very first instruction...the download for ERUNT started. It was taking forever...my screen saver came on, when I went to check the status and run the program the download dialog box was gone and now I can't find the program...I chose to save it to the desktop but I don't see it, I tried searching for it. When I go back to the link for the download (in your reply) if I try to click the link again the window will open and then just close. Now what should I do?Lesli Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 11, 2010 ID:212969 Share Posted March 11, 2010 Turn off your screensaver. Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<< Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box will briefly appear and then close. This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.See and do as outlined here http://bertk.mvps.org/html/createrp.htmlThen try one more time to get ERUNT.If there's still a hitch, proceed forward with the other steps I listed before. Link to post Share on other sites More sharing options...
Lesli Posted March 11, 2010 Author ID:213083 Share Posted March 11, 2010 Thanks Maurice....everything worked this time. Although I guess its not gone I will await your next instruction.LesliMalwarebytes' Anti-Malware 1.44Database version: 3800Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187023/11/2010 12:31:19 PMmbam-log-2010-03-11 (12-31-19).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 227209Time elapsed: 52 minute(s), 49 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 3Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\trilnkwp (Trojan.Vundo.H) -> Delete on reboot.HKEY_CLASSES_ROOT\CLSID\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:c:\WINDOWS\system32\mvakafr.dll (Trojan.Vundo.H) -> Delete on reboot.Logfile of The Avenger Version 2.0, © by Swandog46http://swandog46.geekstogo.comPlatform: Windows XP*******************Script file opened successfully.Script file read successfully.Backups directory opened successfully at C:\Avenger*******************Beginning to process script file:Rootkit scan active.No rootkits found!Error: could not open driver "trilnkwp"Disablement of driver "trilnkwp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: could not open driver "wvutqnl"Disablement of driver "wvutqnl" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "\Registry\Machine\System\CurrentControlSet\Services\trilnkwp" not found!Deletion of driver "trilnkwp" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: registry key "\Registry\Machine\System\CurrentControlSet\Services\wvutqnl" not found!Deletion of driver "wvutqnl" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: file "c:\windows\system32\jkkli.dll" not found!Deletion of file "c:\windows\system32\jkkli.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existError: could not open file "c:\program files\manson\liser.dll"Deletion of file "c:\program files\manson\liser.dll" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open file "c:\windows\system32\mvakafr.dll"Deletion of file "c:\windows\system32\mvakafr.dll" failed!Status: 0xc0000022 (STATUS_ACCESS_DENIED)Error: file "c:\windows\system32\wvutqnl.dll" not found!Deletion of file "c:\windows\system32\wvutqnl.dll" failed!Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not existFolder "C:\recycler" deleted successfully.Folder "D:\recycler" deleted successfully.Error: could not open folder "e:\recycler"Deletion of folder "e:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "f:\recycler"Deletion of folder "f:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "g:\recycler"Deletion of folder "g:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existError: could not open folder "h:\recycler"Deletion of folder "h:\recycler" failed!Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not existCompleted script processing.*******************Finished! Terminate. Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 11, 2010 ID:213105 Share Posted March 11, 2010 Lesli,That was a good MBAM run. You are ready for these next steps. Again, please make sure you close any of your open application programs.You will want to print out or copy these instructions to Notepad for offline reference!If you are a casual viewer, do NOT try this on your system! If you are not Lesli and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Next StepDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallIf you have a prior copy of Combofix, delete it now !Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2 Link 3 * IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on Combo-Fix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.------------------------------------------------------- A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. =RE-Enable your AntiVirus and AntiSpyware applications.Step 2Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exeClose all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!Exit OTL by clicking the X at top right.Step 3Download Security Check by screen317 and save it to your Desktop: here or hereRun Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.Step 4Reply with copy {Copy & Paste here} C:\Combofix.txtOTL.txtExtras.txtCheckup.txtBe sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
Lesli Posted March 13, 2010 Author ID:214068 Share Posted March 13, 2010 Maurice,Here are the logs. Windows Update came back and there are around 30 new updates that automatically downloaded. Should I install those? Thank you so much for your help so far!LesliComboFix 10-03-11.02 - Lesli 03/11/2010 15:16:41.1.2 - x86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.572 [GMT -5:00]Running from: c:\documents and settings\Lesli\Desktop\Combo-Fix.exeAV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\docume~1\Lesli\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmpc:\documents and settings\All Users\Application Data\91734996.inic:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifestc:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jarc:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.jsc:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdfc:\documents and settings\Lesli\Favorites\Online Security Guide.lnkc:\documents and settings\Lesli\Local Settings\Temp\clclean.0001.dir.0002\~df394b.tmpc:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifestc:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jarc:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.jsc:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdfc:\temp\abW9c:\windows\system32\acbeg.inic:\windows\system32\acbeg.ini2c:\windows\system32\alfqnuqq.inic:\windows\system32\asctmqqd.inic:\windows\system32\auadiqbl.inic:\windows\system32\bauogvx.dllc:\windows\system32\bemtkrvs.inic:\windows\system32\bntgvorr.inic:\windows\system32\bszip.dllc:\windows\system32\bxakxgfu.inic:\windows\system32\cmpufbje.inic:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifestc:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jarc:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.jsc:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdfc:\windows\system32\config\systemprofile\Start Menu\Programs\System Securityc:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009 Support.lnkc:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009.lnkc:\windows\system32\csnchcgj.inic:\windows\system32\cxjyilgx.inic:\windows\system32\Datac:\windows\system32\ddtxrvex.inic:\windows\system32\drivers\atvtliik.sysc:\windows\system32\drivers\zyybtcjf.sysc:\windows\system32\elfetrvi.inic:\windows\system32\fggjrqit.inic:\windows\system32\gevteqwm.inic:\windows\system32\gfotxlxv.inic:\windows\system32\gtsbbgpf.inic:\windows\system32\gvtoblpc.inic:\windows\system32\hrorhkgs.inic:\windows\system32\hsbnlfoq.inic:\windows\system32\huefykgx.inic:\windows\system32\ilkkj.inic:\windows\system32\ilkkj.ini2c:\windows\system32\inkdbxhx.inic:\windows\system32\irapadcu.inic:\windows\system32\kouewenz.dllc:\windows\system32\ldrxfghk.inic:\windows\system32\lmpwbgsi.inic:\windows\system32\mvakafr.dllc:\windows\system32\odrlwuuo.inic:\windows\system32\pjxsxkhi.inic:\windows\system32\ptfjiifn.inic:\windows\system32\qppiqqie.inic:\windows\system32\qtutv.inic:\windows\system32\qtutv.ini2c:\windows\system32\rMa02yyc:\windows\system32\stpuypuy.inic:\windows\system32\twhrgnbc.inic:\windows\system32\wmjsbqtm.inic:\windows\system32\wxxdfjvj.inic:\windows\system32\xbgeacli.inic:\windows\system32\xlombdgb.inic:\windows\system32\xmkyvgfk.inic:\windows\system32\xyfxelew.inic:\windows\system32\yrpedfuo.inic:\windows\system32\yskiihvd.inic:\windows\system32\yuirdafb.inic:\windows\Tasks\At1.job.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_ATVTLIIK-------\Legacy_podmena-------\Legacy_podmenadrv-------\Service_atvtliik((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 ))))))))))))))))))))))))))))))).2010-03-11 14:16 . 2010-03-11 14:16 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE2010-03-11 14:16 . 2010-03-11 14:16 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AIM Toolbar2010-03-11 14:15 . 2010-03-11 14:15 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer2010-03-11 14:15 . 2010-03-11 14:15 -------- d-----w- c:\documents and settings\Guest\Application Data\GTek2010-03-11 14:14 . 2010-03-11 14:14 -------- d-----w- c:\documents and settings\Guest\Application Data\InstallShield2010-03-11 14:02 . 2010-03-11 14:02 -------- d-----w- c:\program files\ERUNT2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\documents and settings\Lesli\Application Data\Malwarebytes2010-02-27 14:46 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-02-27 14:46 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2010-02-27 12:58 . 2010-02-27 12:58 236 ----a-w- c:\documents and settings\Lesli\register.bat2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\iPod2010-02-23 11:56 . 2010-02-23 11:58 -------- d-----w- c:\program files\iTunes2010-02-23 11:48 . 2010-02-23 11:50 -------- d-----w- c:\program files\QuickTime2010-02-23 05:12 . 2010-02-23 05:31 256 ----a-w- c:\windows\system32\pool.bin2010-02-13 17:30 . 2010-02-13 17:30 -------- d-----w- c:\documents and settings\Lesli\Application Data\McAfee2010-02-13 11:12 . 2010-02-13 11:12 -------- d-sh--w- c:\documents and settings\Lesli\IECompatCache.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-02-27 12:32 . 2009-10-07 23:27 -------- d-----w- c:\program files\Graboid2010-02-24 11:00 . 2009-10-07 23:29 -------- d-----w- c:\program files\VideoLAN2010-02-23 11:56 . 2008-01-04 01:22 -------- d-----w- c:\program files\Common Files\Apple2010-02-22 23:36 . 2010-01-10 18:45 -------- d-----w- c:\program files\McAfee2010-02-20 18:42 . 2009-01-09 17:20 -------- d-----w- c:\documents and settings\Lesli\Application Data\ZoomBrowser EX2010-02-20 18:38 . 2009-01-09 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser2010-02-13 17:29 . 2006-07-27 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee2010-01-10 23:00 . 2008-12-13 18:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore2009-12-17 22:42 . 2009-01-11 16:36 664 ----a-w- c:\windows\system32\d3d9caps.dat2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll2008-03-06 00:42 . 2006-11-10 21:10 88 --sh--r- c:\windows\system32\E4F206FC12.sys2008-03-06 00:42 . 2006-11-10 21:10 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]"MBMon"="CTMBHA.DLL" [2006-03-03 1355938]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-27 24576]QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@=""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@=""[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\AIM\\aim.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"="c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8094:TCP"= 8094:TCP:@xpsp2res.dll,-22009R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/10/2010 1:57 PM 93320]S0 uojjyeyl;uojjyeyl;c:\windows\system32\drivers\rgcfg.sys --> c:\windows\system32\drivers\rgcfg.sys [?]S1 63aa8b10;63aa8b10;c:\windows\system32\drivers\63aa8b10.sys --> c:\windows\system32\drivers\63aa8b10.sys [?]S1 e01bf75e;e01bf75e;c:\windows\system32\drivers\e01bf75e.sys [6/9/2009 4:20 PM 0]--- Other Services/Drivers In Memory ---*NewlyCreated* - ATVTLIIK*Deregistered* - atvtliikHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsjnchqvia.Contents of the 'Scheduled Tasks' folder2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]2010-01-15 c:\windows\Tasks\McDefragTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 17:22]2010-03-01 c:\windows\Tasks\McQcTask.job- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 17:22]2010-03-10 c:\windows\Tasks\Norton Security Scan for Eli.job- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]..------- Supplementary Scan -------.uStart Page = hxxp://www.aol.com/?src=aimuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.local;<local>uInternet Settings,ProxyServer = http=localhost:7171uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000Trusted Zone: amaena.comTrusted Zone: avsystemcare.comTrusted Zone: internetTrusted Zone: mcafee.comTrusted Zone: microsoft.com\officeTrusted Zone: onerateld.comTrusted Zone: safetydownload.comTrusted Zone: trustedantivirus.comTrusted Zone: virusschlacht.comTrusted Zone: amaena.comTrusted Zone: avsystemcare.comTrusted Zone: onerateld.comTrusted Zone: safetydownload.comTrusted Zone: trustedantivirus.comTrusted Zone: virusschlacht.comDPF: {7ec816d4-6fc3-4c58-a7da-a770ee461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cabDPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab.- - - - ORPHANS REMOVED - - - -HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exeNotify-wvutqnl - wvutqnl.dllAddRemove-AIM_6.0 - c:\program files\AIM6\uninst.exeAddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-03-11 15:26Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'explorer.exe'(2296)c:\windows\system32\ieframe.dllc:\windows\system32\OneX.DLLc:\windows\system32\eappprxy.dllc:\windows\system32\webcheck.dll.------------------------ Other Running Processes ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Intel\Wireless\Bin\WLKeeper.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exec:\windows\system32\CTsvcCDA.exec:\progra~1\McAfee\MSC\mcmscsvc.exec:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exec:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exec:\progra~1\McAfee\VIRUSS~1\mcshield.exec:\program files\McAfee\MPF\MPFSrv.exec:\program files\McAfee\MSK\MskSrver.exec:\program files\Dell\QuickSet\NICCONFIGSVC.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\progra~1\mcafee.com\agent\mcagent.exec:\windows\system32\wdfmgr.exec:\program files\Canon\CAL\CALMAIN.exec:\windows\system32\wscntfy.exec:\windows\system32\igfxsrvc.exec:\windows\stsystra.exec:\windows\system32\Rundll32.exec:\docume~1\Lesli\LOCALS~1\Temp\clclean.0001c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exec:\program files\iPod\bin\iPodService.exe.**************************************************************************.Completion time: 2010-03-11 15:37:53 - machine was rebootedComboFix-quarantined-files.txt 2010-03-11 20:37Pre-Run: 14,493,032,448 bytes freePost-Run: 14,313,242,624 bytes freeWindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect- - End Of File - - 54C157B308C537AA28EA6F8BB5212CABOTL Extras logfile created on: 3/13/2010 2:50:42 PM - Run 1OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFSDrive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedResults of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee Uninstaller McAfee SecurityCenter McAfee Virtual Technician `````````````````````````````` Anti-malware/Other Utilities Check: Java 2 Runtime Environment, SE v1.4.2_03 Adobe Flash Player 10 Adobe Reader 7.1.0 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent McAfee VIRUSS~1 mcshield.exe McAfee VIRUSS~1 mcsysmon.exe ``````````````````````````````DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````G: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DCVB8HB1Current User Name: LesliLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"AIM Toolbar" = AIM Toolbar"AIM_7" = AIM 7"AOL Instant Messenger" = AOL Instant Messenger"AudibleManager" = AudibleManager"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2"CAL" = Canon Camera Access Library"CameraWindowDC" = Canon Utilities CameraWindow DC"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX"CameraWindowLauncher" = Canon Utilities CameraWindow"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX"Canon MOV Decoder" = Canon MOV Decoder"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem"CSCLIB" = Canon Camera Support Core Library"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint"EOS Utility" = Canon Utilities EOS Utility"ERUNT_is1" = ERUNT 1.1j"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"ie8" = Windows Internet Explorer 8"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"McAfee Uninstall Utility" = McAfee Uninstaller"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0"MSC" = McAfee SecurityCenter"MyCamera" = Canon Utilities MyCamera"MyCameraDC" = Canon Utilities MyCamera DC"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"Notes V4.0" = Lotus Notes"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)"Pathways Distributed Learning" = Pathways Distributed Learning"PhotoStitch" = Canon Utilities PhotoStitch"ProInst" = Intel® PROSet/Wireless Software"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers"SoftwareUpdUtility" = Download Updater (AOL LLC)"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration"SynTPDeinstKey" = Synaptics Pointing Device Driver"Windows Media Format Runtime" = Windows Media Format Runtime"Windows Media Player" = Windows Media Player 10"Windows XP Service Pack" = Windows XP Service Pack 3"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility========== Last 10 Event Log Errors ==========[ Application Events ]Error - 2/27/2010 9:45:10 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/1/2010 2:04:58 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/3/2010 8:04:13 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/3/2010 8:47:40 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/11/2010 7:20:30 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mcbrwctl.dll, version 3.0.1.163, fault address 0x0002a80e.Error - 3/11/2010 7:20:33 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1001Description = Fault bucket 1612478497.Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).[ System Events ]Error - 3/11/2010 1:49:23 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 9:53:22 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = sr | ID = 1Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = Cdrom | ID = 262155Description = The driver detected a controller error on \Device\CdRom0.Error - 3/11/2010 10:56:11 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 1:40:22 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11Description = The device Root\LEGACY_HQZLXFO\0000 disappeared from the system without first being prepared for removal.Error - 3/11/2010 3:36:01 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 3:36:27 PM | Computer Name = DCVB8HB1 | Source = System Error | ID = 1003Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.Error - 3/11/2010 4:16:29 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7034Description = The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).Error - 3/11/2010 4:23:57 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11Description = The device Root\LEGACY_ATVTLIIK\0000 disappeared from the system without first being prepared for removal.< End of report > Link to post Share on other sites More sharing options...
Lesli Posted March 13, 2010 Author ID:214069 Share Posted March 13, 2010 OTL.txtOTL logfile created on: 3/13/2010 2:50:42 PM - Run 1OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFSDrive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DCVB8HB1Current User Name: LesliLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/03/13 14:50:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lesli\Desktop\OTL.exePRC - [2010/03/13 00:41:49 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Lesli\Local Settings\temp\clclean.0001PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exePRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exePRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exePRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exePRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exePRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exePRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exePRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exePRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exePRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exePRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exePRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exePRC - [2006/07/27 11:31:27 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exePRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exePRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exePRC - [2006/03/24 23:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exePRC - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exePRC - [2005/12/28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exePRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exePRC - [2005/12/28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exePRC - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exePRC - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exePRC - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exePRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exePRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exePRC - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exePRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe========== Modules (SafeList) ==========MOD - [2010/03/13 14:50:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lesli\Desktop\OTL.exe========== Win32 Services (SafeList) ==========SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)SRV - [2006/07/27 11:31:27 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)SRV - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®========== Driver Services (SafeList) ==========DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)DRV - [2009/06/09 21:07:00 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e01bf75e.sys -- (e01bf75e)DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)DRV - [2007/11/09 09:46:42 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)DRV - [2005/12/04 16:55:30 | 001,428,096 | ---- | M] (Intel Link to post Share on other sites More sharing options...
Lesli Posted March 13, 2010 Author ID:214070 Share Posted March 13, 2010 OTL Extras logfile created on: 3/13/2010 2:50:42 PM - Run 1OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File freePaging file location(s): C:\pagefile.sys 1524 3048 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFSDrive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: DCVB8HB1Current User Name: LesliLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DoNotAllowExceptions" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"AIM Toolbar" = AIM Toolbar"AIM_7" = AIM 7"AOL Instant Messenger" = AOL Instant Messenger"AudibleManager" = AudibleManager"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2"CAL" = Canon Camera Access Library"CameraWindowDC" = Canon Utilities CameraWindow DC"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX"CameraWindowLauncher" = Canon Utilities CameraWindow"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX"Canon MOV Decoder" = Canon MOV Decoder"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem"CSCLIB" = Canon Camera Support Core Library"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint"EOS Utility" = Canon Utilities EOS Utility"ERUNT_is1" = ERUNT 1.1j"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs"ie7" = Windows Internet Explorer 7"ie8" = Windows Internet Explorer 8"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"McAfee Uninstall Utility" = McAfee Uninstaller"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0"MSC" = McAfee SecurityCenter"MyCamera" = Canon Utilities MyCamera"MyCameraDC" = Canon Utilities MyCamera DC"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"Notes V4.0" = Lotus Notes"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)"Pathways Distributed Learning" = Pathways Distributed Learning"PhotoStitch" = Canon Utilities PhotoStitch"ProInst" = Intel® PROSet/Wireless Software"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers"SoftwareUpdUtility" = Download Updater (AOL LLC)"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration"SynTPDeinstKey" = Synaptics Pointing Device Driver"Windows Media Format Runtime" = Windows Media Format Runtime"Windows Media Player" = Windows Media Player 10"Windows XP Service Pack" = Windows XP Service Pack 3"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility========== Last 10 Event Log Errors ==========[ Application Events ]Error - 2/27/2010 9:45:10 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/1/2010 2:04:58 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/3/2010 8:04:13 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/3/2010 8:47:40 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 3/11/2010 7:20:30 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mcbrwctl.dll, version 3.0.1.163, fault address 0x0002a80e.Error - 3/11/2010 7:20:33 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1001Description = Fault bucket 1612478497.Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).[ System Events ]Error - 3/11/2010 1:49:23 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 9:53:22 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = sr | ID = 1Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = Cdrom | ID = 262155Description = The driver detected a controller error on \Device\CdRom0.Error - 3/11/2010 10:56:11 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 1:40:22 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11Description = The device Root\LEGACY_HQZLXFO\0000 disappeared from the system without first being prepared for removal.Error - 3/11/2010 3:36:01 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000Description = The Automatic Updates service failed to start due to the following error: %%2Error - 3/11/2010 3:36:27 PM | Computer Name = DCVB8HB1 | Source = System Error | ID = 1003Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3 00000000, parameter4 00000000.Error - 3/11/2010 4:16:29 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7034Description = The Creative Labs Licensing Service service terminated unexpectedly. It has done this 1 time(s).Error - 3/11/2010 4:23:57 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11Description = The device Root\LEGACY_ATVTLIIK\0000 disappeared from the system without first being prepared for removal.< End of report > Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 14, 2010 ID:214172 Share Posted March 14, 2010 Hello Lesli.Leave the windows updates notice alone. Leave the updates for later on, when I advise.You will want to print out or copy these instructions to Notepad for offline reference!If you are a casual viewer, do NOT try this on your system! If you are not Lesli and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.=Close any of your open programs while you run these tools.Open McAfee Security CenterUnder Common Tasks click on HomeClick Computer FilesClick ConfigureMake sure the following are disabled by ticking the "Off" button.Virus protection Spyware protection System Guards Protection Script Scanning Protection (you may have to scroll down to see it)Next, select never for "When to re-enable real time scanning" and click OK.Step 1 Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):*****************************************************************:filesC:\recyclerD:\recyclere:\recyclerf:\recyclerg:\recyclerh:\recycler:reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyServer"=-"ProxyOverride"=-"ProxyEnable"=-[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]"ProxyServer"=-"ProxyOverride"=-:Commands[purity][emptytemp][CREATERESTOREPOINT]*****************************************************************Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste. Close any browser(s) windows that may be open.Using your mouse, click on the red-lettered button Run Fix.Once you see a message box "Fix complete! Click OK to open the fix log."Click the OK buttonThe log will open in Notepad (your default text editor).Save the log. Post a copy of that log in your next reply.Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.Step 2Use your browser to go here at Virustotal websiteClick the Browse button and then navigate to c:\windows\system32\drivers\63aa8b10.sys, then click the Submit button.The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.Repeat the same steps for c:\windows\system32\drivers\e01bf75e.sysRepeat the same steps for C:\WINDOWS\System32\E4F206FC12.sysSave the results, and post back here in a reply.Step 3Scan the system with the Kaspersky Online Scannerhttp://www.kaspersky.com/kos/eng/partner/d...kavwebscan.htmlAttention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.During this run, make sure your browser does not block popup windows. Have patience while some screens populate.Read the Information block presented on the screen, and then press the Accept button.1) Accept the agreement2) The necessary files will be downloaded and installed. Please have plenty of patience.3) After Kaspersky AntiVirus Database is updated, look at the Scan box.4) Click the My Computer line5 ) Be infinetely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares6) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply. ( To see an animated tutorial-how-to on the scan, see >>this link<<)Re-enable your McAfee antivirus program after Kaspersky has finished.Kapersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired. Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or other quarantine.Kaspersky is a report only and does not remove files.Reply with copy of the OTL MovedFiles logand the results from Virustotal scansand Kaspersky.txt reportHow is your system now Link to post Share on other sites More sharing options...
Lesli Posted March 14, 2010 Author ID:214410 Share Posted March 14, 2010 Hi Maurice,So I couldn't get kaspersky to download, I could get to the website, the program begins to open, then disappears. As far as the Virustotal, I couldn't find one of the files, one was found but when I sent it it said 0 bytes received (I tried twice), the third one I found and it sent. The computer seems to be working well.LesliAll processes killed========== FILES ==========C:\RECYCLER\S-1-5-21-550576934-994621700-1303650900-1006 folder moved successfully.C:\RECYCLER folder moved successfully.D:\RECYCLER\S-1-5-21-550576934-994621700-1303650900-1006 folder moved successfully.D:\RECYCLER folder moved successfully.File\Folder e:\recycler not found.File\Folder f:\recycler not found.File\Folder g:\recycler not found.File\Folder h:\recycler not found.========== REGISTRY ==========Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.========== COMMANDS ==========[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytesUser: Guest->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytesUser: Lesli->Temp folder emptied: 1645468 bytes->Temporary Internet Files folder emptied: 22100279 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 21130685 bytes->Apple Safari cache emptied: 191761898 bytes->Flash cache emptied: 2298976 bytesUser: LocalService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 32902 bytes->FireFox cache emptied: 3494447 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 534537 bytes->Flash cache emptied: 405 bytesUser: Owner->Temp folder emptied: 0 bytesUser: TEMP->Temporary Internet Files folder emptied: 0 bytesUser: TEMP.DCVB8HB1->Temporary Internet Files folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 19569 bytes%systemroot%\System32 .tmp files removed: 5552657 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 2720111 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 240.00 mbRestore point Set: OTL Restore Point (64424509440)OTL by OldTimer - Version 3.1.37.0 log created on 03142010_092203Files\Folders moved on Reboot...C:\Documents and Settings\Lesli\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.C:\Documents and Settings\Lesli\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.File\Folder C:\WINDOWS\temp\mcmsc_JPjGBxrNrtYXVh1 not found!File\Folder C:\WINDOWS\temp\mcmsc_WwSKUdz6u7outwv not found!Registry entries deleted on Reboot...63aa8b10.sys(Was not able to locate file when I browsed)e01bf75e.sys0 bytes size received / Se ha recibido un archivo vacioE4F206FC12.sysa-squared 4.5.0.50 2010.03.14 - AhnLab-V3 5.0.0.2 2010.03.14 - AntiVir 8.2.1.180 2010.03.12 - Antiy-AVL 2.0.3.7 2010.03.12 - Authentium 5.2.0.5 2010.03.13 - Avast 4.8.1351.0 2010.03.14 - Avast5 5.0.332.0 2010.03.14 - AVG 9.0.0.787 2010.03.14 - BitDefender 7.2 2010.03.14 - CAT-QuickHeal 10.00 2010.03.13 - ClamAV 0.96.0.0-git 2010.03.14 - Comodo 4261 2010.03.14 - DrWeb 5.0.1.12222 2010.03.14 - eSafe 7.0.17.0 2010.03.14 - eTrust-Vet 35.2.7359 2010.03.12 - F-Prot 4.5.1.85 2010.03.14 - F-Secure 9.0.15370.0 2010.03.14 - Fortinet 4.0.14.0 2010.03.13 - GData 19 2010.03.14 - Ikarus T3.1.1.80.0 2010.03.14 - Jiangmin 13.0.900 2010.03.14 - K7AntiVirus 7.10.997 2010.03.13 - Kaspersky 7.0.0.125 2010.03.14 - McAfee 5920 2010.03.14 - McAfee+Artemis 5920 2010.03.14 - McAfee-GW-Edition 6.8.5 2010.03.13 - Microsoft 1.5502 2010.03.12 - NOD32 4943 2010.03.14 - Norman 6.04.08 2010.03.14 - nProtect 2009.1.8.0 2010.03.13 - Panda 10.0.2.2 2010.03.14 - PCTools 7.0.3.5 2010.03.14 - Rising 22.38.04.03 2010.03.12 - Sophos 4.51.0 2010.03.14 - Sunbelt 5878 2010.03.14 - Symantec 20091.2.0.41 2010.03.14 - TheHacker 6.5.2.0.233 2010.03.13 - TrendMicro 9.120.0.1004 2010.03.14 - VBA32 3.12.12.2 2010.03.14 - ViRobot 2010.3.13.2226 2010.03.13 - VirusBuster 5.0.27.0 2010.03.13 - Additional information File size: 88 bytes MD5...: 8b628f5aff751009b145eca9ceab1b86 SHA1..: 99fc5731e978ed545c507f5f58b172c4f099585f SHA256: ed3045ac8c2ef7f01ff6c48c5c8461f454a88f3dfa04c0fb273116206620b166 ssdeep: 3:hl/L/PCN/n:fXgPEiD..: - PEInfo: - RDS...: NSRL Reference Data Set- pdfid.: - trid..: MS Flight Simulator Aircraft Performance Info (100.0%) sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsigned Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 15, 2010 ID:214855 Share Posted March 15, 2010 Lesli,I'd like for you to do an online scan at ESET website (in lieu of the Kaspersky) after a new MBAM run.Step 1Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button. When done, click the Scanner tab.Do a Quick Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Step 2Using Internet Explorer browser only, go to ESET Online Scanner website:Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.Accept the Terms of Use and press Start button;Approve the install of the required ActiveX Control, then follow on-screen instructions;Enable (check) the Remove found threats option, and run the scan.After the scan completes, the Details tab in the Results window will display what was found and removed. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.Look at contents of this file using Notepad or Wordpad.The Frequently Asked Questions for ESET Online Scanner can be viewed herehttp://www.eset.com/onlinescan/cac4.php?page=faqFrom ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner. Otherwise the scan will take twice as long to do: everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result. It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner. (And the prompt re-enabling when finished.) If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.Step 3Next:Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then copy/paste the following into your post (in order):the contents of the MBAM scan logthe contents of the ESET scan logthe contents of Log.txtthe contents of Info.txt Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
Recommended Posts