IP-BLOCK

[starfire]

I have been receiving notification of blocked IPs for some time. However the frequency and different IP numbers have increased recently. I need help in determining the extent, danger of the infection and also cleaning it.

The logs requested in "I'm infected - What do I do now" are below with the exception of GMER. I attempted to run it several times but it freezes up each time at \Device\Harddisk\VolumeShadowCopy1 .

I am running Windows 7.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4216

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/19/2010 2:58:44 PM

mbam-log-2010-06-19 (14-58-44).txt

Scan type: Quick scan

Objects scanned: 137552

Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by CB at 14:23:56.16 on Sat 06/19/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1403 [GMT -5:00]

SP: SpywareBot *disabled* (Updated) {CBF38615-148C-41B9-81EC-AD91B82EB940}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\taskeng.exe

C:\PROGRA~1\McAfee\VirusScan\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\System32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Desktop Weather Lab Alert\liveonline_3334812.exe

C:\Program Files\Secunia\PSI\psi.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\DllHost.exe

C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\taskeng.exe

C:\Users\CB\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: {0A87E45F-537A-40B4-B812-E2544C21A09F} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [iSUSPM Startup] c:\progra~1\common~1\installshield\updateservice\isuspm.exe -startup

StartupFolder: c:\users\cb\appdata\roaming\micros~1\windows\startm~1\programs\startup\desktop weather lab alert.lnk - c:\program files\desktop weather lab alert\liveonline_3334812.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee security scan plus.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: turbotax.com

DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9D911A72-A973-11D2-AE75-00E02912FF46} - hxxps://brpti.brp.com/trainingoffice/system/iexec.ocx

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\cb\appdata\roaming\mozilla\firefox\profiles\bv2c2xva.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\cb\appdata\roaming\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\cb\appdata\roaming\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\users\cb\appdata\roaming\mozilla\firefox\profiles\bv2c2xva.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-3-29 214664]

R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-10-29 208896]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-2 304464]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-6 210216]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcproxy\McProxy.exe [2007-9-13 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\virusscan\mcshield.exe [2007-7-31 144704]

R2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\drivers\nmsgopro.sys [2006-9-27 28672]

R2 nmsunidr;UniDriver for NMS;c:\windows\system32\drivers\nmsunidr.sys [2006-10-19 7424]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-25 1153368]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-9 20952]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\virusscan\mcsysmon.exe [2008-6-18 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-3-29 79816]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-3-29 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-3-29 40552]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]

S2 gupdate1ca0b0cf385aaa8;Google Update Service (gupdate1ca0b0cf385aaa8);c:\program files\google\update\GoogleUpdate.exe [2009-7-22 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-29 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-18 174552]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-3-29 34248]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

=============== Created Last 30 ================

2010-06-19 18:22:55 239579331 ----a-w- c:\windows\MEMORY.DMP

2010-06-14 20:29:00 0 d-----w- c:\program files\Sophos

2010-06-13 16:08:05 0 ----a-w- c:\users\cb\defogger_reenable

2010-06-09 11:18:57 2326528 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 11:18:53 977920 ----a-w- c:\windows\system32\wininet.dll

2010-06-09 11:18:51 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-09 11:18:35 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-09 11:18:35 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-06-05 19:14:55 0 d-----w- c:\program files\Trend Micro

2010-05-29 11:52:41 0 d-----w- c:\program files\Bonjour Print Services

2010-05-29 11:52:00 0 d-----w- c:\program files\Bonjour

2010-05-29 11:25:26 0 d-----w- c:\program files\Secunia

2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-26 00:42:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-26 00:02:38 0 d-----w- c:\program files\Spybot - Search & Destroy

==================== Find3M ====================

2010-05-22 23:04:17 5664 ----a-w- c:\users\cb\appdata\roaming\wklnhst.dat

2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-12 22:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-25 01:14:00 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-03-25 01:14:00 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-03-25 01:14:00 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-03-25 01:14:00 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-23 12:24:17 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-03-08 19:03:21 23 --sha-w- c:\windows\system32\edacded0_x.dat

2010-03-07 22:22:28 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:25:09.99 ===============

Attach.zip

[Elise]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[starfire]

Hello ,

And My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
  

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  
• Double click on Combofix.exe and follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[starfire]

Thank you for your offer to assist me. Below is the ComboFix log you requested.

Charles

ComboFix 10-06-19.03 - CB 06/20/2010 6:39.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2046.1325 [GMT -5:00]

Running from: c:\users\CB\Desktop\ComboFix.exe

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\CB\AppData\Roaming\MoveMediaPlayerWinSilent_071505000011.exe

c:\users\CB\Desktop\Games.url

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\system32\BSTIEPrintCtl1.dll

.

((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))

.

2010-06-20 11:45 . 2010-06-20 11:45 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2010-06-20 11:45 . 2010-06-20 11:45 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-06-14 20:29 . 2010-06-17 20:40 -------- d-----w- c:\program files\Sophos

2010-06-10 20:02 . 2010-06-10 20:02 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-09 11:18 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys

2010-06-09 11:18 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll

2010-06-09 11:18 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-06-09 11:18 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-06-09 11:18 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-06-05 19:14 . 2010-06-05 19:14 -------- d-----w- c:\program files\Trend Micro

2010-05-29 11:52 . 2010-05-29 11:52 -------- d-----w- c:\program files\Bonjour Print Services

2010-05-29 11:52 . 2010-05-29 11:52 -------- d-----w- c:\program files\Bonjour

2010-05-29 11:25 . 2010-05-29 11:25 -------- d-----w- c:\program files\Secunia

2010-05-28 11:04 . 2010-05-28 11:04 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2010-05-26 00:42 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll

2010-05-26 00:02 . 2010-05-26 00:06 -------- d-----w- c:\program files\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 10:55 . 2008-06-12 02:48 -------- d-----w- c:\program files\SpywareBlaster

2010-06-19 14:44 . 2008-04-26 15:59 -------- d-----w- c:\programdata\Google Updater

2010-06-18 22:49 . 2009-11-08 18:01 -------- d-----w- c:\program files\Mozilla Thunderbird

2010-06-16 19:09 . 2007-03-29 13:29 -------- d-----w- c:\program files\McAfee

2010-06-13 11:37 . 2009-12-13 16:25 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-10 20:03 . 2008-10-03 00:23 -------- d-----w- c:\program files\Safari

2010-06-06 11:10 . 2008-02-29 19:46 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 11:51 . 2010-03-28 11:50 439816 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\setup.exe

2010-05-28 11:20 . 2010-01-29 14:15 -------- d-----w- c:\program files\Microsoft

2010-05-26 21:55 . 2007-04-10 15:09 -------- d-----w- c:\program files\CCleaner

2010-05-26 00:04 . 2007-04-14 22:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-05-22 23:04 . 2007-04-09 23:16 5664 ----a-w- c:\users\CB\AppData\Roaming\wklnhst.dat

2010-05-22 18:10 . 2007-03-29 13:26 -------- d-----w- c:\programdata\Roxio

2010-05-21 19:14 . 2009-10-03 10:59 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-12 11:13 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-05-12 11:12 . 2009-11-08 01:08 -------- d-----w- c:\program files\Java

2010-05-11 12:16 . 2010-05-11 12:16 -------- d-----w- c:\users\CB\AppData\Roaming\DeviceDoctorSoftware

2010-05-11 12:16 . 2010-05-11 12:16 -------- d-----w- c:\program files\Device Doctor

2010-05-08 20:41 . 2010-05-08 20:41 20854256 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe

2010-05-02 23:03 . 2009-01-10 02:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-29 20:39 . 2009-01-10 02:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2009-01-10 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-27 02:44 . 2010-04-26 18:05 -------- d-----w- c:\programdata\Yahoo! Companion

2010-04-26 18:05 . 2010-04-26 18:05 -------- d-----w- c:\program files\Yahoo!

2010-04-26 18:05 . 2010-04-26 18:05 -------- d-----w- c:\users\CB\AppData\Roaming\Yahoo!

2010-04-12 22:29 . 2010-05-12 11:12 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-28 19:50 . 2010-03-28 19:50 79368 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe

2010-03-28 19:50 . 2010-03-28 19:50 64000 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll

2010-03-28 19:50 . 2010-03-28 19:50 52288 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll

2010-03-28 19:50 . 2010-03-28 19:50 50688 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll

2010-03-28 19:50 . 2010-03-28 19:50 49152 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll

2010-03-28 19:50 . 2010-03-28 19:50 118784 ----a-w- c:\users\CB\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll

2010-03-25 01:14 . 2010-03-25 01:14 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-03-25 01:14 . 2010-03-25 01:14 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2010-03-25 01:14 . 2010-03-25 01:14 197920 ----a-w- c:\windows\system32\dnssdX.dll

2010-03-25 01:14 . 2010-03-25 01:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-03-08 19:03 . 2009-03-08 19:03 23 --sha-w- c:\windows\System32\edacded0_x.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]

"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"ISUSPM Startup"="c:\progra~1\COMMON~1\installshield\updateservice\isuspm.exe" [2006-10-03 221184]

c:\users\CB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Desktop Weather Lab Alert.lnk - c:\program files\Desktop Weather Lab Alert\liveonline_3334812.exe [2008-11-18 454656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-5-22 805392]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2006-11-17 21:19 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2006-10-03 16:35 221184 ----a-w- c:\progra~1\COMMON~1\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]

2009-03-28 11:33 79872 ----a-w- c:\users\CB\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

2007-02-08 05:16 303104 ----a-w- c:\windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2010-03-15 11:44 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

R2 gupdate1ca0b0cf385aaa8;Google Update Service (gupdate1ca0b0cf385aaa8);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 133104]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\FE6B.tmp [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]

S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]

S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]

S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2007-11-16 c:\windows\Tasks\DiskDefragmenter.job

- c:\program files\McAfee\MQC\QcConsol.exe [2009-10-22 17:22]

2010-06-20 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-12 22:34]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:42]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 20:42]

2008-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-22 17:22]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: turbotax.com

DPF: {9D911A72-A973-11D2-AE75-00E02912FF46} - hxxps://brpti.brp.com/trainingoffice/system/iexec.ocx

FF - ProfilePath - c:\users\CB\AppData\Roaming\Mozilla\Firefox\Profiles\bv2c2xva.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\CB\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\users\CB\AppData\Roaming\Mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\FE6B.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2010-06-20 06:49:20

ComboFix-quarantined-files.txt 2010-06-20 11:49

Pre-Run: 173,139,447,808 bytes free

Post-Run: 173,043,437,568 bytes free

- - End Of File - - 687DAE78A811A931088435E1EF0360D5

[Elise]

Hello there,

Please let me know how things are running after these steps. If you still get the IP blocks, please let me know how you are connected to the internet.

[starfire]

Hello there,

Please let me know how things are running after these steps. If you still get the IP blocks, please let me know how you are connected to the internet.

Hi,

I am still getting blocked IPs. Below is a copy of Malwarebytes log showing blocked IPs after ComboFix ran.

05:56:00 CB MESSAGE Protection started successfully

05:56:04 CB MESSAGE IP Protection started successfully

06:21:14 CB IP-BLOCK 221.192.199.49

06:21:14 CB IP-BLOCK 221.192.199.49

06:21:14 CB IP-BLOCK 221.192.199.49

06:55:34 CB MESSAGE Protection started successfully

06:55:38 CB MESSAGE IP Protection started successfully

06:55:45 CB IP-BLOCK 173.244.198.143

08:03:14 CB IP-BLOCK 221.192.199.49

08:03:14 CB IP-BLOCK 221.192.199.49

08:03:14 CB IP-BLOCK 221.192.199.49

I am connected to the internet via Cox Cable high speed service.

[starfire]

Hi,

I am still getting blocked IPs. Below is a copy of Malwarebytes log showing blocked IPs after ComboFix ran.

05:56:00 CB MESSAGE Protection started successfully

05:56:04 CB MESSAGE IP Protection started successfully

06:21:14 CB IP-BLOCK 221.192.199.49

06:21:14 CB IP-BLOCK 221.192.199.49

06:21:14 CB IP-BLOCK 221.192.199.49

06:55:34 CB MESSAGE Protection started successfully

06:55:38 CB MESSAGE IP Protection started successfully

06:55:45 CB IP-BLOCK 173.244.198.143

08:03:14 CB IP-BLOCK 221.192.199.49

08:03:14 CB IP-BLOCK 221.192.199.49

08:03:14 CB IP-BLOCK 221.192.199.49

I am connected to the internet via Cox Cable high speed service.

[Elise]

Hello again,

• Please download TDSSKiller.zip and save it to your desktop.
  
• Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  
• Click Start > Run and copy paste the following bolded text in the run box
  "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  
• When it finished press any key to continue.
  
• If needed reboot the computer.
  

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

[starfire]

Hello again,

• Please download TDSSKiller.zip and save it to your desktop.
  
• Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  
• Click Start > Run and copy paste the following bolded text in the run box
  "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  
• When it finished press any key to continue.
  
• If needed reboot the computer.
  

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.

Hi,

I did download TDSSKiller.zip. Unzipped to desktop. It is in a file C:\Users\CB\Desktop\tdsskiller . I then clicked start and in the box that opened I put "%userprofile%\desktop\tdsskiller.exe" -l report.txt and got the following message "no items match my search" minus the quotes.

Am I going about this the wrong way?

[starfire]

Hi,

I did download TDSSKiller.zip. Unzipped to desktop. It is in a file C:\Users\CB\Desktop\tdsskiller . I then clicked start and in the box that opened I put "%userprofile%\desktop\tdsskiller.exe" -l report.txt and got the following message "no items match my search" minus the quotes.

Am I going about this the wrong way?

[starfire]

Hi,

If you could see my face . It is very red. I am embarrassed. I was not pasting the required info into a run box but a search box. I recently upgraded from Vista to Windows 7 . In order to get a run option, the windows menu has to be altered and run checked. Ok its done and the TDSSKiller logfile is below.

14:18:01:027 4956 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

14:18:01:027 4956 ================================================================================

14:18:01:027 4956 SystemInfo:

14:18:01:027 4956 OS Version: 6.1.7600 ServicePack: 0.0

14:18:01:027 4956 Product type: Workstation

14:18:01:027 4956 ComputerName: CB-PC

14:18:01:027 4956 UserName: CB

14:18:01:027 4956 Windows directory: C:\Windows

14:18:01:027 4956 Processor architecture: Intel x86

14:18:01:027 4956 Number of processors: 2

14:18:01:027 4956 Page size: 0x1000

14:18:01:042 4956 Boot type: Normal boot

14:18:01:042 4956 ================================================================================

14:18:13:531 4956 Initialize success

14:18:13:531 4956

14:18:13:531 4956 Scanning Services ...

14:18:14:467 4956 Raw services enum returned 496 services

14:18:14:482 4956

14:18:14:482 4956 Scanning Drivers ...

14:18:14:638 4956

14:18:14:638 4956 Completed

14:18:14:638 4956

14:18:14:638 4956 Results:

14:18:14:638 4956 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

14:18:14:638 4956 File objects infected / cured / cured on reboot: 0 / 0 / 0

14:18:14:638 4956

14:18:14:638 4956 KLMD(ARK) unloaded successfully

[Elise]

No problem

Lets do some more investigating here to see what might be the problem.

OTL

-----

Please download OTL from one of the following mirrors:

• • This is THE Mirror
    

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the button.

[*]Two reports will open, copy and paste them in a reply here:

• OTListIt.txt <-- Will be opened
  
• Extra.txt <-- Will be minimized
  

[starfire]

Hi,

I ran OTL and generated the logs. I lost Extra.txt so I ran OTL again. Each time I ran it, it will generate a new OTListit.txt but it will not generate another Extra.txt . I am sorry for the mistake. Below is the OTListit.txt log.

OTL logfile created on: 6/21/2010 10:32:22 AM - Run 10

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\CB\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 161.53 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.52 Gb Free Space | 55.20% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CB-PC

Current User Name: CB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/21 10:02:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2010/05/28 06:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/12 23:42:44 | 000,918,264 | ---- | M] () -- C:\Program Files\SpywareBlaster\sbautoupdate.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/05/21 10:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/11/18 18:01:15 | 000,454,656 | ---- | M] () -- C:\Program Files\Desktop Weather Lab Alert\liveonline_3334812.exe

PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2007/02/08 00:16:22 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2010/06/21 10:02:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcr80.dll

MOD - [2009/02/11 11:06:38 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/02/25 16:18:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)

SRV - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2007/02/08 00:16:22 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®

SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®

SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®

SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®

SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv

SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)

SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/05 20:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®

DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)

DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/09/29 14:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"

FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4

FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {9458ca25-39fd-4ba8-9520-acc5c0d877b6}:1.5.4

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2

FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: optout@google.com:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/04 17:34:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/04 17:34:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 06:46:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 08:24:31 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 06:12:20 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/02 08:30:46 | 000,000,000 | ---D | M]

[2010/03/19 06:07:38 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Extensions

[2010/03/19 06:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/06/21 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions

[2009/11/04 18:02:11 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}

[2010/04/27 05:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/26 14:48:34 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}

[2010/06/04 06:19:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010/05/27 21:26:40 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2010/04/20 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\longurlplease@darragh.curran

[2010/04/27 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\optout@google.com

[2010/05/27 21:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions

[2009/05/10 17:14:17 | 000,000,681 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\ask.xml

[2010/01/29 09:40:18 | 000,002,171 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\bing.xml

[2007/07/10 16:08:15 | 000,001,406 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.gif

[2007/07/10 16:08:14 | 000,000,276 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.src

[2007/04/11 07:17:16 | 000,002,386 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.xml

[2010/06/21 10:10:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/12 06:12:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/06/20 06:46:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - No CLSID value found.

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\CB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Weather Lab Alert.lnk = C:\Program Files\Desktop Weather Lab Alert\liveonline_3334812.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-2796442465-4165935331-2669090609-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9D911A72-A973-11D2-AE75-00E02912FF46} https://brpti.brp.com/trainingoffice/system/iexec.ocx (InetExec Class)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f8d4c3df-e764-11db-a00c-001676b6a947}\Shell - "" = AutoRun

O33 - MountPoints2\{f8d4c3df-e764-11db-a00c-001676b6a947}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/21 10:02:32 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

[2010/06/20 13:48:50 | 000,000,000 | ---D | C] -- C:\Users\CB\Desktop\tdsskiller

[2010/06/20 06:49:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/06/20 06:36:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/06/20 06:36:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/06/20 06:36:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/06/20 06:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/06/20 06:36:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/06/20 06:31:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/19 13:06:23 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\CB\Desktop\TFC.exe

[2010/06/14 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/06/13 11:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/06/09 06:18:57 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/09 06:18:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/09 06:18:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/09 06:18:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/09 06:18:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/09 06:18:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/09 06:18:35 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/09 06:18:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/06/05 14:14:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/05/31 10:41:12 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\CB\Desktop\TDSSKiller.exe

[2010/05/29 06:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services

[2010/05/29 06:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/05/29 06:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2010/05/28 06:04:52 | 000,014,896 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010/05/25 19:42:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/05/25 19:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2010/06/21 10:32:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/06/21 10:31:50 | 000,057,873 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010/06/21 10:30:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/21 10:30:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/21 10:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/21 10:30:08 | 1608,978,432 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/21 10:17:20 | 008,388,608 | -HS- | M] () -- C:\Users\CB\NTUSER.DAT

[2010/06/21 10:17:01 | 002,004,330 | -H-- | M] () -- C:\Users\CB\AppData\Local\IconCache.db

[2010/06/21 10:02:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

[2010/06/21 09:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/21 08:50:54 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/21 08:50:54 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/20 13:48:53 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\CB\Desktop\TDSSKiller.exe

[2010/06/20 08:39:07 | 000,019,968 | ---- | M] () -- C:\Users\CB\Documents\HIP.doc

[2010/06/20 08:39:05 | 000,005,664 | ---- | M] () -- C:\Users\CB\AppData\Roaming\wklnhst.dat

[2010/06/20 08:30:06 | 000,005,764 | ---- | M] () -- C:\Users\CB\Desktop\ComboFix.zip

[2010/06/20 08:30:04 | 000,005,764 | ---- | M] () -- C:\Users\CB\Documents\ComboFix.zip

[2010/06/20 06:46:09 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/06/20 06:46:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/06/19 18:27:15 | 000,001,920 | ---- | M] () -- C:\Users\CB\Documents\Safari Bookmarks.html

[2010/06/19 15:26:52 | 000,004,210 | ---- | M] () -- C:\Users\CB\Desktop\Attach.zip

[2010/06/19 13:06:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\TFC.exe

[2010/06/19 10:35:09 | 000,094,512 | ---- | M] () -- C:\Users\CB\Documents\bookmarks.html

[2010/06/17 15:36:09 | 001,376,832 | ---- | M] () -- C:\Users\CB\Desktop\sar_15_sfx.exe

[2010/06/16 17:54:57 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk

[2010/06/13 11:08:05 | 000,000,000 | ---- | M] () -- C:\Users\CB\defogger_reenable

[2010/06/10 15:03:41 | 000,002,533 | ---- | M] () -- C:\Users\CB\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/06/10 15:03:41 | 000,002,509 | ---- | M] () -- C:\Users\CB\Desktop\Safari.lnk

[2010/06/09 06:29:08 | 000,432,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/06 10:58:27 | 000,525,824 | ---- | M] () -- C:\Users\CB\Desktop\dds.scr

[2010/06/06 10:45:25 | 000,050,477 | ---- | M] () -- C:\Users\CB\Desktop\Defogger.exe

[2010/06/05 14:14:55 | 000,002,051 | ---- | M] () -- C:\Users\CB\Desktop\HijackThis.lnk

[2010/06/04 08:32:46 | 000,144,115 | ---- | M] () -- C:\Users\CB\Documents\UO_RO_Academic_Calendar_2009-2014.pdf

[2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010/05/27 02:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/05/26 22:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/05/26 16:55:17 | 000,001,837 | ---- | M] () -- C:\Users\CB\Desktop\CCleaner.lnk

[2010/05/25 19:02:43 | 000,001,238 | ---- | M] () -- C:\Users\CB\Desktop\Spybot - Search & Destroy.lnk

[2010/05/22 14:11:13 | 000,001,515 | ---- | M] () -- C:\Users\CB\Desktop\Windows Media Player.lnk

========== Files Created - No Company Name ==========

[2010/06/20 08:51:29 | 000,005,764 | ---- | C] () -- C:\Users\CB\Desktop\ComboFix.zip

[2010/06/20 08:30:04 | 000,005,764 | ---- | C] () -- C:\Users\CB\Documents\ComboFix.zip

[2010/06/20 06:36:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/06/20 06:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/06/20 06:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/06/20 06:36:55 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/06/20 06:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/06/19 18:27:15 | 000,001,920 | ---- | C] () -- C:\Users\CB\Documents\Safari Bookmarks.html

[2010/06/19 14:27:29 | 000,004,210 | ---- | C] () -- C:\Users\CB\Desktop\Attach.zip

[2010/06/19 10:35:09 | 000,094,512 | ---- | C] () -- C:\Users\CB\Documents\bookmarks.html

[2010/06/17 15:36:02 | 001,376,832 | ---- | C] () -- C:\Users\CB\Desktop\sar_15_sfx.exe

[2010/06/13 11:08:05 | 000,000,000 | ---- | C] () -- C:\Users\CB\defogger_reenable

[2010/06/10 20:30:33 | 000,002,509 | ---- | C] () -- C:\Users\CB\Desktop\Safari.lnk

[2010/06/06 10:58:24 | 000,525,824 | ---- | C] () -- C:\Users\CB\Desktop\dds.scr

[2010/06/06 10:45:25 | 000,050,477 | ---- | C] () -- C:\Users\CB\Desktop\Defogger.exe

[2010/06/05 14:14:55 | 000,002,051 | ---- | C] () -- C:\Users\CB\Desktop\HijackThis.lnk

[2010/06/04 08:32:46 | 000,144,115 | ---- | C] () -- C:\Users\CB\Documents\UO_RO_Academic_Calendar_2009-2014.pdf

[2010/05/25 19:02:43 | 000,001,238 | ---- | C] () -- C:\Users\CB\Desktop\Spybot - Search & Destroy.lnk

[2010/05/22 14:11:13 | 000,001,515 | ---- | C] () -- C:\Users\CB\Desktop\Windows Media Player.lnk

[2009/10/03 13:50:25 | 000,000,196 | ---- | C] () -- C:\Windows\Quicken.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/05/27 08:58:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007/11/12 17:33:27 | 000,000,391 | ---- | C] () -- C:\Windows\cdplayer.ini

[2007/04/23 18:05:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/04/23 18:05:39 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2007/03/29 08:32:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

[Elise]

Hi, do you get the IP blocks constantly or only when browsing the internet?

[starfire]

Hi, do you get the IP blocks constantly or only when browsing the internet?

I can't say because I unchecked the tooltip balloon. I believe it is both. My wife uses this machine also and while I might think it has been idle, she could have been on it.

Let me ask this question. Malwarebytes is blocking these IPs. Should I be concerned about accessing my credit card and bank accounts? I pay bills and other financial transactions on this machine.

Do you think we might find the malware or should I start thinking about reformatting.

Below is today's IP blocked log up to this time.

05:37:30 CB MESSAGE Protection started successfully

05:37:33 CB MESSAGE IP Protection started successfully

05:45:50 CB IP-BLOCK 173.244.198.143

05:52:17 CB MESSAGE IP Protection stopped

05:52:18 CB MESSAGE IP Protection started successfully

06:45:44 CB IP-BLOCK 221.192.199.49

06:45:44 CB IP-BLOCK 221.192.199.49

06:45:44 CB IP-BLOCK 221.192.199.49

08:45:53 CB MESSAGE Protection started successfully

08:45:57 CB MESSAGE IP Protection started successfully

10:33:01 CB MESSAGE Protection started successfully

10:33:05 CB MESSAGE IP Protection started successfully

10:35:21 CB IP-BLOCK 173.244.198.143

10:46:50 CB IP-BLOCK 221.192.199.35

10:46:50 CB IP-BLOCK 221.192.199.35

10:46:50 CB IP-BLOCK 221.192.199.35

11:20:22 CB IP-BLOCK 221.192.199.49

11:20:22 CB IP-BLOCK 221.192.199.49

11:20:30 CB IP-BLOCK 221.192.199.49

11:25:11 CB IP-BLOCK 218.8.245.123

11:25:11 CB IP-BLOCK 218.8.245.123

11:25:11 CB IP-BLOCK 218.8.245.123

[Elise]

At this point I see no signs of serious malware that would endanger your online banking data. The IP's are indeed blocked, so prevented from doing any harm. However its not good they are there in the first place.

Can you please check if your firewall is turned on?

[starfire]

At this point I see no signs of serious malware that would endanger your online banking data. The IP's are indeed blocked, so prevented from doing any harm. However its not good they are there in the first place.

Can you please check if your firewall is turned on?

Hi,

Yes my firewall is on. I have the McAfee SecurityCenter that came installed on the system from Dell.

In your opinion, do you think the Malware will be found. I am prepared or I should say getting prepared to reformat the system. I am satisfied with the job Malwarebytes is doing but I would like to try and rid the system of this malware.

[Elise]

There isn't something like "undetectable malware" Some is harder to find than other.

Can you please run a full system scan with MBAM and post me the results?

[starfire]

There isn't something like "undetectable malware" Some is harder to find than other.

Can you please run a full system scan with MBAM and post me the results?

Hi,

I appreciate your tenacity. Below is the log you requested.

Thank you

6/23/2010 6:51:00 AM

mbam-log-2010-06-23 (06-51-00).txt

Scan type: Full scan (C:\|)

Objects scanned: 247500

Time elapsed: 1 hour(s), 5 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

[Elise]

Hello again,

OTL

-----

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
     

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Copy and Paste the following code into the textbox. Do not include the word "Code"

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\at*.job

[*]Push

[*]A report will open. Copy and Paste that report in your next reply.

[starfire]

Hello again,

OTL

-----

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
     

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]Copy and Paste the following code into the textbox. Do not include the word "Code"

%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\at*.job

[*]Push

[*]A report will open. Copy and Paste that report in your next reply.

Hi

Below is the report you requested.

OTL logfile created on: 6/23/2010 12:02:35 PM - Run 11

OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\CB\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 160.88 Gb Free Space | 72.21% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.52 Gb Free Space | 55.20% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CB-PC

Current User Name: CB

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/23 12:00:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2010/05/28 06:04:52 | 000,911,920 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/11/18 18:01:15 | 000,454,656 | ---- | M] () -- C:\Program Files\Desktop Weather Lab Alert\liveonline_3334812.exe

PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2007/02/08 00:16:22 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2006/11/18 07:01:42 | 000,182,744 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

PRC - [2006/11/18 07:01:32 | 000,272,856 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

PRC - [2006/11/12 02:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

PRC - [2006/10/03 11:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (SafeList) ==========

MOD - [2010/06/23 12:00:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

MOD - [2009/06/10 16:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b

5\msvcr80.dll

MOD - [2009/02/11 11:06:38 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/02/25 16:18:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)

SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)

SRV - [2009/02/11 11:06:36 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2007/02/08 00:16:22 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®

SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®

SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®

SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®

SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv

SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)

SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 18:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 17:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2009/06/05 20:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®

DRV - [2008/02/29 03:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)

DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/09/29 14:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="

FF - prefs.js..browser.search.order.1: "Ask"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/"

FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4

FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {9458ca25-39fd-4ba8-9520-acc5c0d877b6}:1.5.4

FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2

FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.8

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1

FF - prefs.js..extensions.enabledItems: optout@google.com:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503

FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/04 17:34:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/04 17:34:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 06:46:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/22 16:42:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/22 16:42:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/02 08:30:46 | 000,000,000 | ---D | M]

[2010/03/19 06:07:38 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Extensions

[2010/03/19 06:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/06/23 10:40:13 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions

[2009/11/04 18:02:11 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}

[2010/04/27 05:54:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/26 14:48:34 | 000,000,000 | ---D | M] (Stealther) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}

[2010/06/04 06:19:28 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}

[2010/05/27 21:26:40 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}

[2009/11/04 18:02:12 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}

[2010/04/20 09:47:52 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\longurlplease@darragh.curran

[2010/04/27 05:53:56 | 000,000,000 | ---D | M] -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\optout@google.com

[2010/05/27 21:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CB\AppData\Roaming\mozilla\Firefox\Profiles\bv2c2xva.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions

[2009/05/10 17:14:17 | 000,000,681 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\ask.xml

[2010/01/29 09:40:18 | 000,002,171 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\bing.xml

[2007/07/10 16:08:15 | 000,001,406 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.gif

[2007/07/10 16:08:14 | 000,000,276 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.src

[2007/04/11 07:17:16 | 000,002,386 | ---- | M] () -- C:\Users\CB\AppData\Roaming\Mozilla\FireFox\Profiles\bv2c2xva.default\searchplugins\siteadvisor.xml

[2010/06/23 10:40:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/12 06:12:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/06/20 06:46:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - No CLSID value found.

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\CB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Weather Lab Alert.lnk = C:\Program Files\Desktop Weather Lab Alert\liveonline_3334812.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h30155.www3.hp.com/ediags/dd/instal...osticsVista.cab (HPDDClientExec Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9D911A72-A973-11D2-AE75-00E02912FF46} https://brpti.brp.com/trainingoffice/system/iexec.ocx (InetExec Class)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f8d4c3df-e764-11db-a00c-001676b6a947}\Shell - "" = AutoRun

O33 - MountPoints2\{f8d4c3df-e764-11db-a00c-001676b6a947}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/23 12:00:05 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

[2010/06/23 11:44:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/06/23 05:24:20 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2010/06/23 05:24:20 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2010/06/23 05:24:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2010/06/22 17:35:26 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll

[2010/06/22 17:35:25 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2010/06/22 17:35:25 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2010/06/22 17:35:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2010/06/22 10:34:07 | 000,000,000 | R-SD | C] -- C:\Users\CB\Documents\My Stationery

[2010/06/20 06:49:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2010/06/20 06:36:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2010/06/20 06:36:55 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2010/06/20 06:36:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2010/06/20 06:36:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2010/06/20 06:36:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/06/20 06:31:00 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/06/19 13:06:23 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\CB\Desktop\TFC.exe

[2010/06/14 15:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos

[2010/06/13 11:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/06/09 06:18:57 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/06/09 06:18:53 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/06/09 06:18:53 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/06/09 06:18:53 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010/06/09 06:18:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/06/09 06:18:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2010/06/09 06:18:35 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/06/09 06:18:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/05/29 06:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services

[2010/05/29 06:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/05/29 06:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia

[2010/05/28 06:04:52 | 000,014,896 | ---- | C] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010/05/25 19:42:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/05/25 19:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

========== Files - Modified Within 30 Days ==========

[2010/06/23 12:04:55 | 008,388,608 | -HS- | M] () -- C:\Users\CB\NTUSER.DAT

[2010/06/23 12:00:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\OTL.exe

[2010/06/23 11:46:41 | 000,005,664 | ---- | M] () -- C:\Users\CB\AppData\Roaming\wklnhst.dat

[2010/06/23 11:19:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/23 11:07:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/06/23 05:36:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/23 05:36:52 | 000,009,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/23 05:30:42 | 000,058,035 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010/06/23 05:29:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/23 05:29:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/23 05:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/23 05:29:10 | 1608,978,432 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/23 05:28:16 | 002,065,815 | -H-- | M] () -- C:\Users\CB\AppData\Local\IconCache.db

[2010/06/20 08:39:07 | 000,019,968 | ---- | M] () -- C:\Users\CB\Documents\HIP.doc

[2010/06/20 08:30:04 | 000,005,764 | ---- | M] () -- C:\Users\CB\Documents\ComboFix.zip

[2010/06/20 06:46:09 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

[2010/06/20 06:46:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/06/19 18:27:15 | 000,001,920 | ---- | M] () -- C:\Users\CB\Documents\Safari Bookmarks.html

[2010/06/19 13:06:27 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\CB\Desktop\TFC.exe

[2010/06/19 10:35:09 | 000,094,512 | ---- | M] () -- C:\Users\CB\Documents\bookmarks.html

[2010/06/16 17:54:57 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk

[2010/06/13 11:08:05 | 000,000,000 | ---- | M] () -- C:\Users\CB\defogger_reenable

[2010/06/10 15:03:41 | 000,002,533 | ---- | M] () -- C:\Users\CB\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/06/10 15:03:41 | 000,002,509 | ---- | M] () -- C:\Users\CB\Desktop\Safari.lnk

[2010/06/09 06:29:08 | 000,432,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/06 10:45:25 | 000,050,477 | ---- | M] () -- C:\Users\CB\Desktop\Defogger.exe

[2010/06/04 08:32:46 | 000,144,115 | ---- | M] () -- C:\Users\CB\Documents\UO_RO_Academic_Calendar_2009-2014.pdf

[2010/05/28 06:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\Windows\System32\drivers\psi_mf.sys

[2010/05/27 02:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2010/05/26 22:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2010/05/26 16:55:17 | 000,001,837 | ---- | M] () -- C:\Users\CB\Desktop\CCleaner.lnk

[2010/05/25 19:02:43 | 000,001,238 | ---- | M] () -- C:\Users\CB\Desktop\Spybot - Search & Destroy.lnk

========== Files Created - No Company Name ==========

[2010/06/20 08:30:04 | 000,005,764 | ---- | C] () -- C:\Users\CB\Documents\ComboFix.zip

[2010/06/20 06:36:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2010/06/20 06:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2010/06/20 06:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2010/06/20 06:36:55 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

[2010/06/20 06:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010/06/19 18:27:15 | 000,001,920 | ---- | C] () -- C:\Users\CB\Documents\Safari Bookmarks.html

[2010/06/19 10:35:09 | 000,094,512 | ---- | C] () -- C:\Users\CB\Documents\bookmarks.html

[2010/06/13 11:08:05 | 000,000,000 | ---- | C] () -- C:\Users\CB\defogger_reenable

[2010/06/10 20:30:33 | 000,002,509 | ---- | C] () -- C:\Users\CB\Desktop\Safari.lnk

[2010/06/06 10:45:25 | 000,050,477 | ---- | C] () -- C:\Users\CB\Desktop\Defogger.exe

[2010/06/04 08:32:46 | 000,144,115 | ---- | C] () -- C:\Users\CB\Documents\UO_RO_Academic_Calendar_2009-2014.pdf

[2010/05/25 19:02:43 | 000,001,238 | ---- | C] () -- C:\Users\CB\Desktop\Spybot - Search & Destroy.lnk

[2009/10/03 13:50:25 | 000,000,196 | ---- | C] () -- C:\Windows\Quicken.ini

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/05/27 08:58:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2007/11/12 17:33:27 | 000,000,391 | ---- | C] () -- C:\Windows\cdplayer.ini

[2007/04/23 18:05:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2007/04/23 18:05:39 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini

[2007/03/29 08:32:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

[2006/02/13 08:56:04 | 000,000,438 | ---- | C] () -- C:\Windows\System32\dlcxplc.ini

========== Custom Scans ==========

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll

[2009/07/13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

[2009/07/13 20:16:15 | 000,496,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

< %systemroot%\Tasks\at*.job >

========== Alternate Data Streams ==========

@Alternate Data Stream - 404 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

[Elise]

Hello again, please run the following fix and let me know how things are afterwards.

OTL FIX

------------

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   :otl
   O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
   
   :commands
   [emptytemp]

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   

[starfire]

Hello again, please run the following fix and let me know how things are afterwards.

OTL FIX

------------

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   :otl
   O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
   
   :commands
   [emptytemp]

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   

Hi

OTL did ask for a reboot. Below is the log you requested.

All processes killed

========== OTL ==========

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//@surf.mar@/\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CB

->Temp folder emptied: 1716225 bytes

->Temporary Internet Files folder emptied: 1714913 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 84861572 bytes

->Apple Safari cache emptied: 116230768 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 60728 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: IUSR_NMPR

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 27100 bytes

RecycleBin emptied: 1038275 bytes

Total Files Cleaned = 196.00 mb

OTL by OldTimer - Version 3.2.6.1 log created on 06232010_150815

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\mcafee_8HghCnA0yJqDRi3 not found!

File\Folder C:\Windows\temp\mcmsc_5YYe5fzKjz07U1b not found!

File\Folder C:\Windows\temp\mcmsc_bVGMOFd2gIuB6tt not found!

File\Folder C:\Windows\temp\mcmsc_dgFyOHE5SA8OIYr not found!

File\Folder C:\Windows\temp\mcmsc_UdPFXmZb7cjjyta not found!

File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

C:\Windows\temp\sqlite_0cLdFeeKZA15tas moved successfully.

File\Folder C:\Windows\temp\sqlite_cdtG2GeNiYZJvGF not found!

File\Folder C:\Windows\temp\sqlite_EeRfOg1lUhEaW4R not found!

C:\Windows\temp\sqlite_hPAtRYjSRZF3W43 moved successfully.

File\Folder C:\Windows\temp\sqlite_r4kMYXU38IMrT4M not found!

File\Folder C:\Windows\temp\sqlite_YtWVL6etFsrMkBx not found!

Registry entries deleted on Reboot...

[Elise]

let me know how things are afterwards.

Please let me know if anything has changed

[starfire]

Please let me know if anything has changed

Hi

I thought your last effort had eliminated the malware. However it appears that the malware is still somewhere in the system. I am putting a copy of yesterdays and today's log. Today's is from the time I turned the computer on up to this post. The logs are below.

Thank you

Log from yesterday 6/23/10

05:21:53 CB MESSAGE Protection started successfully

05:21:57 CB MESSAGE IP Protection started successfully

05:31:42 CB MESSAGE Protection started successfully

05:31:47 CB MESSAGE IP Protection started successfully

05:32:49 CB IP-BLOCK 173.244.198.143

07:46:13 CB IP-BLOCK 218.8.245.123

07:46:13 CB IP-BLOCK 218.8.245.123

07:46:13 CB IP-BLOCK 218.8.245.123

09:54:35 CB IP-BLOCK 222.186.25.17

09:54:35 CB IP-BLOCK 222.186.25.17

09:54:35 CB IP-BLOCK 222.186.25.17

13:51:00 CB IP-BLOCK 218.8.245.123

13:51:00 CB IP-BLOCK 218.8.245.123

13:51:00 CB IP-BLOCK 218.8.245.123

15:13:10 CB MESSAGE Protection started successfully

15:13:14 CB MESSAGE IP Protection started successfully

19:36:59 CB MESSAGE IP Protection stopped

19:36:59 CB MESSAGE IP Protection started successfully

20:16:36 CB IP-BLOCK 218.8.245.123

20:16:36 CB IP-BLOCK 218.8.245.123

20:16:36 CB IP-BLOCK 218.8.245.123

Log for today 6/24/10

05:08:56 CB MESSAGE Protection started successfully

05:08:59 CB MESSAGE IP Protection started successfully

05:17:16 CB IP-BLOCK 173.244.198.143

06:29:49 CB IP-BLOCK 221.192.199.35

06:29:49 CB IP-BLOCK 221.192.199.35

06:29:49 CB IP-BLOCK 221.192.199.35

07:06:59 CB IP-BLOCK 218.8.245.123

07:06:59 CB IP-BLOCK 218.8.245.123

07:06:59 CB IP-BLOCK 218.8.245.123