Jump to content

hijacking windows update


Recommended Posts

Hello....Please advise, I have followed the instructions on the forum.

DDS (Ver_09-12-01.01) - NTFSx86

Run by Lesli at 21:17:12.10 on Sun 02/28/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.406 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\DOCUME~1\Lesli\LOCALS~1\Temp\clclean.0001

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Documents and Settings\Lesli\Local Settings\Temporary Internet Files\Content.IE5\CVXD0E9L\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim

uSearch Bar =

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=localhost:7171

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {78243423-cf27-43ae-8ef8-13028b6506f5} - c:\windows\system32\mvakafr.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File

uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\mri3uxib.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\mhwf25u5.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\c1ojgzk7.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\4lmfclyj.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh!\1yps160x.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh!\content.sh! c:\docume~1\lesli\locals~1\temp\tempor~1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\vz2ftjv2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\vf9sjrp1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\s6os2b7v.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\qm6ydax8.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\gyidzd1h.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\ec3r0sck.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\beglbnru.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\8yi9m1hz.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\6rn718vf.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\5nx0u5o2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\2jmll29m.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.ie5\1q6gf015.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh! c:\docume~1\lesli\locals~1\temp\cl981e~1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\vz2ftjv2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\vf9sjrp1.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\s6os2b7v.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\qm6ydax8.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\gyidzd1h.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\ec3r0sck.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\beglbnru.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\8yi9m1hz.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\6rn718vf.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\5nx0u5o2.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\2jmll29m.sh! c:\docume~1\lesli\locals~1\temp\tempor~1\content.sh!\1q6gf015.sh! c:\docume~1\lesli\locals~1\temp\CLCLEA~1.SH!

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [My Web Search Bar] rundll32 c:\progra~1\mywebs~1\bar\2.bin\MWSBAR.DLL,S

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide

mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: &Search - ?p=ZCfox000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\office

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1267275016754

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1267275785807

DPF: {7ec816d4-6fc3-4c58-a7da-a770ee461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: igfxcui - igfxdev.dll

Notify: trilnkwp - mvakafr.dll

Notify: wvutqnl - wvutqnl.dll

AppInit_DLLs: c:\progra~1\manson\liser.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\jkkli.dll

============= SERVICES / DRIVERS ===============

R0 atvtliik;atvtliik;c:\windows\system32\drivers\atvtliik.sys [2004-8-10 23424]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-7 214664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-1-10 93320]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-10 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-10 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-10 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-7 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-7 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-7 40552]

S1 63aa8b10;63aa8b10;c:\windows\system32\drivers\63aa8b10.sys --> c:\windows\system32\drivers\63aa8b10.sys [?]

S1 e01bf75e;e01bf75e;c:\windows\system32\drivers\e01bf75e.sys [2009-6-9 0]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-7 34248]

=============== Created Last 30 ================

2010-03-01 02:10:39 0 ----a-w- c:\documents and settings\lesli\defogger_reenable

2010-02-27 14:46:25 0 d-----w- c:\docume~1\lesli\applic~1\Malwarebytes

2010-02-27 14:46:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 14:46:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-27 14:46:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 14:46:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 12:58:48 236 ----a-w- c:\documents and settings\lesli\register.bat

2010-02-23 11:57:02 0 d-----w- c:\program files\iPod

2010-02-23 11:56:16 0 d-----w- c:\program files\iTunes

2010-02-23 05:12:33 256 ----a-w- c:\windows\system32\pool.bin

2010-02-13 17:30:03 0 d-----w- c:\docume~1\lesli\applic~1\McAfee

2010-02-13 11:12:14 0 d-sh--w- c:\documents and settings\lesli\IECompatCache

==================== Find3M ====================

2007-11-21 00:43:24 491059 --sha-w- c:\windows\system32\acbeg.ini2

2008-03-06 00:42:18 88 --sh--r- c:\windows\system32\E4F206FC12.sys

2008-04-24 14:26:24 405540 --sha-w- c:\windows\system32\ilkkj.ini2

2008-03-06 00:42:21 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

2008-03-12 00:55:47 291498 --sha-w- c:\windows\system32\qtutv.ini2

2009-06-12 19:08:10 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061220090613\index.dat

2009-06-14 17:25:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009061420090615\index.dat

============= FINISH: 21:19:14.14 ===============

Malwarebytes' Anti-Malware 1.44

Database version: 3800

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

2/28/2010 8:16:26 AM

mbam-log-2010-02-28 (08-16-26).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 222909

Time elapsed: 1 hour(s), 23 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\trilnkwp (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\mvakafr.dll (Trojan.Vundo.H) -> Delete on reboot.

Please help I can't get rid of this kouewenz.dll!

GMER log

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-03-01 06:07:45

Windows 5.1.2600 Service Pack 3

Running: b0cpmph5[1].exe; Driver: C:\DOCUME~1\Lesli\LOCALS~1\Temp\kwloapoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAA13178A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xAA131821]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xAA131738]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xAA13174C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xAA131835]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xAA131861]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAA1318CF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAA1318B9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAA1317CA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAA1318FB]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xAA13180D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAA131710]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAA131724]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAA13179E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAA131937]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAA1318A3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAA13188D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xAA13184B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAA131923]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAA13190F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAA131776]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAA131762]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xAA131877]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAA1317F9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAA1318E5]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAA1317E0]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAA1317B4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A863DD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

ATTACH.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 7/31/2006 3:45:16 PM

System Uptime: 2/28/2010 9:12:52 PM (0 hours ago)

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel

Edited by Maurice Naggar
Merged 2nd post into 1st & place logs In-line
Link to post
Share on other sites

  • 2 weeks later...

Hello Lesli,

It would appear that your case was overlooked. What may have contributed to that was your posting a 2nd post before a helper had replied to you.

Threads with a response greater than zero give the impression that you are being helped.

Please follow my guidance.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gif

If you are a casual viewer, do NOT try this on your system!

If you are not Lesli and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user-login account {User Profile}

Step 3

Disable temporarily your antivirus program. Use the following as a guide. Do NOT turn off the firewall

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Step 4

Download The Avenger by Swandog46 from here.

  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Drivers to disable:
    trilnkwp
    wvutqnl

    Drivers to delete:
    trilnkwp
    wvutqnl

    Files to delete:
    c:\windows\system32\jkkli.dll
    c:\program files\manson\liser.dll
    c:\windows\system32\mvakafr.dll
    c:\windows\system32\wvutqnl.dll


    Folders to delete:
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler


  • In the avenger window, click the Paste Script from Clipboard icon, pastets4.png button.
  • icon_arrow.gifMake sure that what appears in Avenger matches exactly what you were asked to Copy/Paste from the Code box above.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. Please copy/paste the contents of c:\avenger.txt into your next reply.

Not all the items will be found; so do not worry. Hopefully enough of the rootkit will be removed so that we can continue forward with more cleaning.

If you get a blue screen abort when it reboots, please write down all the information, STOP codes and description.

and then reboot the system again.

Step 5

Start MBAM and do a full scan.

Step 6

Reply with the C:\Avenger.txt

and the latest MBAM scan log

There will be much much more to do later.

BTW, do NOT surf the web, nor play online games. Just go to this forum & the sites I guide you to.

Do NOT use the attach feature to upload your log reports !! Always Copy & Paste them into main body of reply box.

Use single or multiple posts as needed. Just do not attach unless asked by me. Thanks.

Link to post
Share on other sites

Hi Maurice,

I hit a snag with the very first instruction...the download for ERUNT started. It was taking forever...my screen saver came on, when I went to check the status and run the program the download dialog box was gone and now I can't find the program...I chose to save it to the desktop but I don't see it, I tried searching for it.

When I go back to the link for the download (in your reply) if I try to click the link again the window will open and then just close.

Now what should I do?

Lesli

Link to post
Share on other sites

Turn off your screensaver.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

See and do as outlined here http://bertk.mvps.org/html/createrp.html

Then try one more time to get ERUNT.

If there's still a hitch, proceed forward with the other steps I listed before.

Link to post
Share on other sites

Thanks Maurice....everything worked this time. Although I guess its not gone :lol:

I will await your next instruction.

Lesli

Malwarebytes' Anti-Malware 1.44

Database version: 3800

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/11/2010 12:31:19 PM

mbam-log-2010-03-11 (12-31-19).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 227209

Time elapsed: 52 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\trilnkwp (Trojan.Vundo.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{78243423-cf27-43ae-8ef8-13028b6506f5} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\mvakafr.dll (Trojan.Vundo.H) -> Delete on reboot.

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

Error: could not open driver "trilnkwp"

Disablement of driver "trilnkwp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open driver "wvutqnl"

Disablement of driver "wvutqnl" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\trilnkwp" not found!

Deletion of driver "trilnkwp" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\wvutqnl" not found!

Deletion of driver "wvutqnl" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: file "c:\windows\system32\jkkli.dll" not found!

Deletion of file "c:\windows\system32\jkkli.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Error: could not open file "c:\program files\manson\liser.dll"

Deletion of file "c:\program files\manson\liser.dll" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open file "c:\windows\system32\mvakafr.dll"

Deletion of file "c:\windows\system32\mvakafr.dll" failed!

Status: 0xc0000022 (STATUS_ACCESS_DENIED)

Error: file "c:\windows\system32\wvutqnl.dll" not found!

Deletion of file "c:\windows\system32\wvutqnl.dll" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

Folder "C:\recycler" deleted successfully.

Folder "D:\recycler" deleted successfully.

Error: could not open folder "e:\recycler"

Deletion of folder "e:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "f:\recycler"

Deletion of folder "f:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "g:\recycler"

Deletion of folder "g:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Error: could not open folder "h:\recycler"

Deletion of folder "h:\recycler" failed!

Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)

--> bad path / the parent directory does not exist

Completed script processing.

*******************

Finished! Terminate.

Link to post
Share on other sites

Lesli,

That was a good MBAM run. You are ready for these next steps. Again, please make sure you close any of your open application programs.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gifIf you are a casual viewer, do NOT try this on your system!

If you are not Lesli and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Next Step

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

Link 3

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

=

RE-Enable your AntiVirus and AntiSpyware applications.

Step 2

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Step 3

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Step 4

Reply with copy {Copy & Paste here} C:\Combofix.txt

OTL.txt

Extras.txt

Checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

Maurice,

Here are the logs. Windows Update came back :lol: and there are around 30 new updates that automatically downloaded. Should I install those? Thank you so much for your help so far!

Lesli

ComboFix 10-03-11.02 - Lesli 03/11/2010 15:16:41.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.572 [GMT -5:00]

Running from: c:\documents and settings\Lesli\Desktop\Combo-Fix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Lesli\LOCALS~1\Temp\clclean.0001.dir.0002\~df394b.tmp

c:\documents and settings\All Users\Application Data\91734996.ini

c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}

c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifest

c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jar

c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.js

c:\documents and settings\Lesli\Application Data\Mozilla\Firefox\Profiles\d1olyiw9.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdf

c:\documents and settings\Lesli\Favorites\Online Security Guide.lnk

c:\documents and settings\Lesli\Local Settings\Temp\clclean.0001.dir.0002\~df394b.tmp

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifest

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jar

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.js

c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\fua0iq53.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdf

c:\temp\abW9

c:\windows\system32\acbeg.ini

c:\windows\system32\acbeg.ini2

c:\windows\system32\alfqnuqq.ini

c:\windows\system32\asctmqqd.ini

c:\windows\system32\auadiqbl.ini

c:\windows\system32\bauogvx.dll

c:\windows\system32\bemtkrvs.ini

c:\windows\system32\bntgvorr.ini

c:\windows\system32\bszip.dll

c:\windows\system32\bxakxgfu.ini

c:\windows\system32\cmpufbje.ini

c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}

c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome.manifest

c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\chrome\xulcache.jar

c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\defaults\preferences\xulcache.js

c:\windows\system32\config\systemprofile\Application Data\Mozilla\Firefox\Profiles\mtxacbnn.default\extensions\{ff8faf86-ee9e-4d79-97ca-99af3d9e9194}\install.rdf

c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security

c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009 Support.lnk

c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security 2009.lnk

c:\windows\system32\csnchcgj.ini

c:\windows\system32\cxjyilgx.ini

c:\windows\system32\Data

c:\windows\system32\ddtxrvex.ini

c:\windows\system32\drivers\atvtliik.sys

c:\windows\system32\drivers\zyybtcjf.sys

c:\windows\system32\elfetrvi.ini

c:\windows\system32\fggjrqit.ini

c:\windows\system32\gevteqwm.ini

c:\windows\system32\gfotxlxv.ini

c:\windows\system32\gtsbbgpf.ini

c:\windows\system32\gvtoblpc.ini

c:\windows\system32\hrorhkgs.ini

c:\windows\system32\hsbnlfoq.ini

c:\windows\system32\huefykgx.ini

c:\windows\system32\ilkkj.ini

c:\windows\system32\ilkkj.ini2

c:\windows\system32\inkdbxhx.ini

c:\windows\system32\irapadcu.ini

c:\windows\system32\kouewenz.dll

c:\windows\system32\ldrxfghk.ini

c:\windows\system32\lmpwbgsi.ini

c:\windows\system32\mvakafr.dll

c:\windows\system32\odrlwuuo.ini

c:\windows\system32\pjxsxkhi.ini

c:\windows\system32\ptfjiifn.ini

c:\windows\system32\qppiqqie.ini

c:\windows\system32\qtutv.ini

c:\windows\system32\qtutv.ini2

c:\windows\system32\rMa02yy

c:\windows\system32\stpuypuy.ini

c:\windows\system32\twhrgnbc.ini

c:\windows\system32\wmjsbqtm.ini

c:\windows\system32\wxxdfjvj.ini

c:\windows\system32\xbgeacli.ini

c:\windows\system32\xlombdgb.ini

c:\windows\system32\xmkyvgfk.ini

c:\windows\system32\xyfxelew.ini

c:\windows\system32\yrpedfuo.ini

c:\windows\system32\yskiihvd.ini

c:\windows\system32\yuirdafb.ini

c:\windows\Tasks\At1.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ATVTLIIK

-------\Legacy_podmena

-------\Legacy_podmenadrv

-------\Service_atvtliik

((((((((((((((((((((((((( Files Created from 2010-02-11 to 2010-03-11 )))))))))))))))))))))))))))))))

.

2010-03-11 14:16 . 2010-03-11 14:16 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE

2010-03-11 14:16 . 2010-03-11 14:16 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\AIM Toolbar

2010-03-11 14:15 . 2010-03-11 14:15 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer

2010-03-11 14:15 . 2010-03-11 14:15 -------- d-----w- c:\documents and settings\Guest\Application Data\GTek

2010-03-11 14:14 . 2010-03-11 14:14 -------- d-----w- c:\documents and settings\Guest\Application Data\InstallShield

2010-03-11 14:02 . 2010-03-11 14:02 -------- d-----w- c:\program files\ERUNT

2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\documents and settings\Lesli\Application Data\Malwarebytes

2010-02-27 14:46 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-27 14:46 . 2010-02-27 14:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 14:46 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-27 12:58 . 2010-02-27 12:58 236 ----a-w- c:\documents and settings\Lesli\register.bat

2010-02-23 11:57 . 2010-02-23 11:57 -------- d-----w- c:\program files\iPod

2010-02-23 11:56 . 2010-02-23 11:58 -------- d-----w- c:\program files\iTunes

2010-02-23 11:48 . 2010-02-23 11:50 -------- d-----w- c:\program files\QuickTime

2010-02-23 05:12 . 2010-02-23 05:31 256 ----a-w- c:\windows\system32\pool.bin

2010-02-13 17:30 . 2010-02-13 17:30 -------- d-----w- c:\documents and settings\Lesli\Application Data\McAfee

2010-02-13 11:12 . 2010-02-13 11:12 -------- d-sh--w- c:\documents and settings\Lesli\IECompatCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-27 12:32 . 2009-10-07 23:27 -------- d-----w- c:\program files\Graboid

2010-02-24 11:00 . 2009-10-07 23:29 -------- d-----w- c:\program files\VideoLAN

2010-02-23 11:56 . 2008-01-04 01:22 -------- d-----w- c:\program files\Common Files\Apple

2010-02-22 23:36 . 2010-01-10 18:45 -------- d-----w- c:\program files\McAfee

2010-02-20 18:42 . 2009-01-09 17:20 -------- d-----w- c:\documents and settings\Lesli\Application Data\ZoomBrowser EX

2010-02-20 18:38 . 2009-01-09 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser

2010-02-13 17:29 . 2006-07-27 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-01-10 23:00 . 2008-12-13 18:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2009-12-17 22:42 . 2009-01-11 16:36 664 ----a-w- c:\windows\system32\d3d9caps.dat

2007-06-21 23:38 . 2007-06-21 23:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-21 23:38 . 2007-06-21 23:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-21 23:38 . 2007-06-21 23:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-21 23:38 . 2007-06-21 23:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-21 23:39 . 2007-06-21 23:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-21 23:39 . 2007-06-21 23:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-21 23:39 . 2007-06-21 23:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll

2007-06-21 23:39 . 2007-06-21 23:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-21 23:40 . 2007-06-21 23:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2008-03-06 00:42 . 2006-11-10 21:10 88 --sh--r- c:\windows\system32\E4F206FC12.sys

2008-03-06 00:42 . 2006-11-10 21:10 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SetDefaultMIDI"="MIDIDef.exe" [2004-12-23 24576]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-14 98304]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-14 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-14 118784]

"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]

"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]

"MBMon"="CTMBHA.DLL" [2006-03-03 1355938]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-27 24576]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=

"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8094:TCP"= 8094:TCP:@xpsp2res.dll,-22009

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/10/2010 1:57 PM 93320]

S0 uojjyeyl;uojjyeyl;c:\windows\system32\drivers\rgcfg.sys --> c:\windows\system32\drivers\rgcfg.sys [?]

S1 63aa8b10;63aa8b10;c:\windows\system32\drivers\63aa8b10.sys --> c:\windows\system32\drivers\63aa8b10.sys [?]

S1 e01bf75e;e01bf75e;c:\windows\system32\drivers\e01bf75e.sys [6/9/2009 4:20 PM 0]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATVTLIIK

*Deregistered* - atvtliik

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

jnchqvia

.

Contents of the 'Scheduled Tasks' folder

2010-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 17:22]

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-10 17:22]

2010-03-10 c:\windows\Tasks\Norton Security Scan for Eli.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 00:20]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/?src=aim

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=localhost:7171

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\office

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

Trusted Zone: amaena.com

Trusted Zone: avsystemcare.com

Trusted Zone: onerateld.com

Trusted Zone: safetydownload.com

Trusted Zone: trustedantivirus.com

Trusted Zone: virusschlacht.com

DPF: {7ec816d4-6fc3-4c58-a7da-a770ee461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab

DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe

Notify-wvutqnl - wvutqnl.dll

AddRemove-AIM_6.0 - c:\program files\AIM6\uninst.exe

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-11 15:26

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2296)

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\program files\Intel\Wireless\Bin\WLKeeper.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\McAfee\MSK\MskSrver.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\windows\system32\Rundll32.exe

c:\docume~1\Lesli\LOCALS~1\Temp\clclean.0001

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-03-11 15:37:53 - machine was rebooted

ComboFix-quarantined-files.txt 2010-03-11 20:37

Pre-Run: 14,493,032,448 bytes free

Post-Run: 14,313,242,624 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 54C157B308C537AA28EA6F8BB5212CAB

OTL Extras logfile created on: 3/13/2010 2:50:42 PM - Run 1

OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFS

Drive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

Results of screen317's Security Check version 0.99.1

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Uninstaller

McAfee SecurityCenter

McAfee Virtual Technician

``````````````````````````````

Anti-malware/Other Utilities Check:

Java 2 Runtime Environment, SE v1.4.2_03

Adobe Flash Player 10

Adobe Reader 7.1.0

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

McAfee VIRUSS~1 mcshield.exe

McAfee VIRUSS~1 mcsysmon.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCVB8HB1

Current User Name: Lesli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009

"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM Toolbar" = AIM Toolbar

"AIM_7" = AIM 7

"AOL Instant Messenger" = AOL Instant Messenger

"AudibleManager" = AudibleManager

"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CSCLIB" = Canon Camera Support Core Library

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"EOS Utility" = Canon Utilities EOS Utility

"ERUNT_is1" = ERUNT 1.1j

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Uninstall Utility" = McAfee Uninstaller

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MSC" = McAfee SecurityCenter

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Notes V4.0" = Lotus Notes

"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)

"Pathways Distributed Learning" = Pathways Distributed Learning

"PhotoStitch" = Canon Utilities PhotoStitch

"ProInst" = Intel® PROSet/Wireless Software

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/27/2010 9:45:10 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2010 2:04:58 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 8:04:13 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 8:47:40 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2010 7:20:30 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mcbrwctl.dll, version 3.0.1.163, fault address 0x0002a80e.

Error - 3/11/2010 7:20:33 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1001

Description = Fault bucket 1612478497.

Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485

Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"

failed with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The delete file operation will fail with

error -1032 (0xfffffbf8).

Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485

Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"

failed with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The delete file operation will fail with

error -1032 (0xfffffbf8).

[ System Events ]

Error - 3/11/2010 1:49:23 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 9:53:22 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = Cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/11/2010 10:56:11 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 1:40:22 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_HQZLXFO\0000 disappeared from the system without

first being prepared for removal.

Error - 3/11/2010 3:36:01 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 3:36:27 PM | Computer Name = DCVB8HB1 | Source = System Error | ID = 1003

Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3

00000000, parameter4 00000000.

Error - 3/11/2010 4:16:29 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7034

Description = The Creative Labs Licensing Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 3/11/2010 4:23:57 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_ATVTLIIK\0000 disappeared from the system without

first being prepared for removal.

< End of report >

Link to post
Share on other sites

OTL.txt

OTL logfile created on: 3/13/2010 2:50:42 PM - Run 1

OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFS

Drive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCVB8HB1

Current User Name: Lesli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/13 14:50:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lesli\Desktop\OTL.exe

PRC - [2010/03/13 00:41:49 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Documents and Settings\Lesli\Local Settings\temp\clclean.0001

PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

PRC - [2006/09/11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

PRC - [2006/07/27 11:31:27 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

PRC - [2006/04/06 14:58:52 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2006/03/24 23:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

PRC - [2005/12/28 11:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2005/12/28 11:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2005/12/28 11:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

PRC - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2005/10/31 10:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

PRC - [2003/11/19 17:48:14 | 000,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/03/13 14:50:34 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lesli\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/07/08 20:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2006/07/27 11:31:27 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)

SRV - [2006/04/06 14:57:54 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2005/12/28 12:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2005/12/28 11:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2005/12/28 11:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2005/12/28 11:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/06/09 21:07:00 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\e01bf75e.sys -- (e01bf75e)

DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/11/09 09:46:42 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/03/24 23:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/03/08 18:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2006/01/04 15:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2005/12/28 13:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2005/12/04 16:55:30 | 001,428,096 | ---- | M] (Intel

Link to post
Share on other sites

OTL Extras logfile created on: 3/13/2010 2:50:42 PM - Run 1

OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Lesli\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 52.72 Gb Total Space | 12.75 Gb Free Space | 24.18% Space Free | Partition Type: NTFS

Drive D: | 16.52 Gb Total Space | 0.42 Gb Free Space | 2.53% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: DCVB8HB1

Current User Name: Lesli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009

"80:TCP" = 80:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"8094:TCP" = 8094:TCP:*:Enabled:@xpsp2res.dll,-22009

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician

"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB

"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12

"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy

"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Web Only

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU

"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord

"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM Toolbar" = AIM Toolbar

"AIM_7" = AIM 7

"AOL Instant Messenger" = AOL Instant Messenger

"AudibleManager" = AudibleManager

"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MOV Decoder" = Canon MOV Decoder

"CANONBJ_Deinstall_CNMCP6d.DLL" = Canon PIXMA iP5000

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"CSCLIB" = Canon Camera Support Core Library

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"EOS Utility" = Canon Utilities EOS Utility

"ERUNT_is1" = ERUNT 1.1j

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Uninstall Utility" = McAfee Uninstaller

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MSC" = McAfee SecurityCenter

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Notes V4.0" = Lotus Notes

"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)

"Pathways Distributed Learning" = Pathways Distributed Learning

"PhotoStitch" = Canon Utilities PhotoStitch

"ProInst" = Intel® PROSet/Wireless Software

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/27/2010 9:45:10 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 9:45:11 AM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2010 2:04:58 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 8:04:13 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/3/2010 8:47:40 PM | Computer Name = DCVB8HB1 | Source = Application Hang | ID = 1002

Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/11/2010 7:20:30 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting

module mcbrwctl.dll, version 3.0.1.163, fault address 0x0002a80e.

Error - 3/11/2010 7:20:33 AM | Computer Name = DCVB8HB1 | Source = Application Error | ID = 1001

Description = Fault bucket 1612478497.

Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485

Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"

failed with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The delete file operation will fail with

error -1032 (0xfffffbf8).

Error - 3/11/2010 4:31:27 PM | Computer Name = DCVB8HB1 | Source = ESENT | ID = 485

Description = wuauclt (4052) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"

failed with system error 32 (0x00000020): "The process cannot access the file because

it is being used by another process. ". The delete file operation will fail with

error -1032 (0xfffffbf8).

[ System Events ]

Error - 3/11/2010 1:49:23 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 9:53:22 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC0000001'

while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring

the volume.

Error - 3/11/2010 10:54:42 AM | Computer Name = DCVB8HB1 | Source = Cdrom | ID = 262155

Description = The driver detected a controller error on \Device\CdRom0.

Error - 3/11/2010 10:56:11 AM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 1:40:22 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_HQZLXFO\0000 disappeared from the system without

first being prepared for removal.

Error - 3/11/2010 3:36:01 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7000

Description = The Automatic Updates service failed to start due to the following

error: %%2

Error - 3/11/2010 3:36:27 PM | Computer Name = DCVB8HB1 | Source = System Error | ID = 1003

Description = Error code 1000007f, parameter1 00000008, parameter2 80042000, parameter3

00000000, parameter4 00000000.

Error - 3/11/2010 4:16:29 PM | Computer Name = DCVB8HB1 | Source = Service Control Manager | ID = 7034

Description = The Creative Labs Licensing Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 3/11/2010 4:23:57 PM | Computer Name = DCVB8HB1 | Source = PlugPlayManager | ID = 11

Description = The device Root\LEGACY_ATVTLIIK\0000 disappeared from the system without

first being prepared for removal.

< End of report >

Link to post
Share on other sites

Hello Lesli.

Leave the windows updates notice alone. Leave the updates for later on, when I advise.

You will want to print out or copy these instructions to Notepad for offline reference!

eusa_hand.gifIf you are a casual viewer, do NOT try this on your system!

If you are not Lesli and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

icon_arrow.gif Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

Open McAfee Security Center

  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.
    Virus protection
    Spyware protection
    System Guards Protection
    Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.

Step 1

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :files
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    "ProxyOverride"=-
    "ProxyEnable"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    "ProxyOverride"=-
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

  • icon_arrow.gif Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

Use your browser to go here at Virustotal website

Click the Browse button and then navigate to c:\windows\system32\drivers\63aa8b10.sys, then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for c:\windows\system32\drivers\e01bf75e.sys

Repeat the same steps for C:\WINDOWS\System32\E4F206FC12.sys

Save the results, and post back here in a reply.

Step 3

Scan the system with the Kaspersky Online Scanner

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

icon_arrow.gifAttention: Kaspersky Online Scanner 7.0 may not run successfully while another antivirus program is running. If you have Anti-Virus software installed, please temporarily disable your AV protection before running the Kaspersky Online Scanner. Reenable it after the scan is finished.

During this run, make sure your browser does not block popup windows. Have patience while some screens populate.

Read the Information block presented on the screen, and then press the Accept button.

1) Accept the agreement

2) The necessary files will be downloaded and installed. Please have plenty of patience.

3) After Kaspersky AntiVirus Database is updated, look at the Scan box.

4) Click the My Computer line

5 ) Be infinetely patient, the scan is comprehensive and, unlike other online antivirus scanners, will detect all malwares

6) When the scan is completed there will be an option to Save report as a .txt file. Click that button. Copy and paste the report into your reply.

( To see an animated tutorial-how-to on the scan, see >>this link<<)

icon_arrow.gifRe-enable your McAfee antivirus program after Kaspersky has finished.

Kapersky Online Scanner can be uninstalled later on from Add or Remove Programs in the Control Panel, if desired.

Do not be alarmed if Kaspersky tags items that are already in quarantine by MBAM, or other quarantine.

Kaspersky is a report only and does not remove files.

Reply with copy of the OTL MovedFiles log

and the results from Virustotal scans

and Kaspersky.txt report

How is your system now icon_question.gif

Link to post
Share on other sites

Hi Maurice,

So I couldn't get kaspersky to download, I could get to the website, the program begins to open, then disappears. As far as the Virustotal, I couldn't find one of the files, one was found but when I sent it it said 0 bytes received (I tried twice), the third one I found and it sent. The computer seems to be working well.

Lesli

All processes killed

========== FILES ==========

C:\RECYCLER\S-1-5-21-550576934-994621700-1303650900-1006 folder moved successfully.

C:\RECYCLER folder moved successfully.

D:\RECYCLER\S-1-5-21-550576934-994621700-1303650900-1006 folder moved successfully.

D:\RECYCLER folder moved successfully.

File\Folder e:\recycler not found.

File\Folder f:\recycler not found.

File\Folder g:\recycler not found.

File\Folder h:\recycler not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Lesli

->Temp folder emptied: 1645468 bytes

->Temporary Internet Files folder emptied: 22100279 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 21130685 bytes

->Apple Safari cache emptied: 191761898 bytes

->Flash cache emptied: 2298976 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->FireFox cache emptied: 3494447 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 534537 bytes

->Flash cache emptied: 405 bytes

User: Owner

->Temp folder emptied: 0 bytes

User: TEMP

->Temporary Internet Files folder emptied: 0 bytes

User: TEMP.DCVB8HB1

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 5552657 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2720111 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 240.00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.37.0 log created on 03142010_092203

Files\Folders moved on Reboot...

C:\Documents and Settings\Lesli\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.

C:\Documents and Settings\Lesli\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.

File\Folder C:\WINDOWS\temp\mcmsc_JPjGBxrNrtYXVh1 not found!

File\Folder C:\WINDOWS\temp\mcmsc_WwSKUdz6u7outwv not found!

Registry entries deleted on Reboot...

63aa8b10.sys

(Was not able to locate file when I browsed)

e01bf75e.sys

0 bytes size received / Se ha recibido un archivo vacio

E4F206FC12.sys

a-squared 4.5.0.50 2010.03.14 -

AhnLab-V3 5.0.0.2 2010.03.14 -

AntiVir 8.2.1.180 2010.03.12 -

Antiy-AVL 2.0.3.7 2010.03.12 -

Authentium 5.2.0.5 2010.03.13 -

Avast 4.8.1351.0 2010.03.14 -

Avast5 5.0.332.0 2010.03.14 -

AVG 9.0.0.787 2010.03.14 -

BitDefender 7.2 2010.03.14 -

CAT-QuickHeal 10.00 2010.03.13 -

ClamAV 0.96.0.0-git 2010.03.14 -

Comodo 4261 2010.03.14 -

DrWeb 5.0.1.12222 2010.03.14 -

eSafe 7.0.17.0 2010.03.14 -

eTrust-Vet 35.2.7359 2010.03.12 -

F-Prot 4.5.1.85 2010.03.14 -

F-Secure 9.0.15370.0 2010.03.14 -

Fortinet 4.0.14.0 2010.03.13 -

GData 19 2010.03.14 -

Ikarus T3.1.1.80.0 2010.03.14 -

Jiangmin 13.0.900 2010.03.14 -

K7AntiVirus 7.10.997 2010.03.13 -

Kaspersky 7.0.0.125 2010.03.14 -

McAfee 5920 2010.03.14 -

McAfee+Artemis 5920 2010.03.14 -

McAfee-GW-Edition 6.8.5 2010.03.13 -

Microsoft 1.5502 2010.03.12 -

NOD32 4943 2010.03.14 -

Norman 6.04.08 2010.03.14 -

nProtect 2009.1.8.0 2010.03.13 -

Panda 10.0.2.2 2010.03.14 -

PCTools 7.0.3.5 2010.03.14 -

Rising 22.38.04.03 2010.03.12 -

Sophos 4.51.0 2010.03.14 -

Sunbelt 5878 2010.03.14 -

Symantec 20091.2.0.41 2010.03.14 -

TheHacker 6.5.2.0.233 2010.03.13 -

TrendMicro 9.120.0.1004 2010.03.14 -

VBA32 3.12.12.2 2010.03.14 -

ViRobot 2010.3.13.2226 2010.03.13 -

VirusBuster 5.0.27.0 2010.03.13 -

Additional information

File size: 88 bytes

MD5...: 8b628f5aff751009b145eca9ceab1b86

SHA1..: 99fc5731e978ed545c507f5f58b172c4f099585f

SHA256: ed3045ac8c2ef7f01ff6c48c5c8461f454a88f3dfa04c0fb273116206620b166

ssdeep: 3:hl/L/PCN/n:fXg

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: MS Flight Simulator Aircraft Performance Info (100.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

Link to post
Share on other sites

Lesli,

I'd like for you to do an online scan at ESET website (in lieu of the Kaspersky) after a new MBAM run.

Step 1

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Using Internet Explorer browser only, go to ESET Online Scanner website:

Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/onlinescan/cac4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      everytime the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Step 3

Next:

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then copy/paste the following into your post (in order):

  • the contents of the MBAM scan log
  • the contents of the ESET scan log
  • the contents of Log.txt
  • the contents of Info.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.