mcafee sec.center finds files but cannot delete them [Solved]



#1 tjmk (Member, 38 posts)
Hi all,
Recently had some excellent help from sage5 to clean up my laptop. Now I'm going to ask for help cleaning my Dell home PC.

McAfee Security Suite keeps coming up with two files. Click on the choice to remove the files and get the error message "file cannot be deleted". One is detected as adware-go hip : webcom.webbar. The other is adware commonname.dll. I'm sure, like most computers, there are other baddies on the system as well.

I've gone through the malware removal guide:
- TFC
- sysrestorepoint
- ERUNT
- Malwarebytes (see log below)
- McAfee full scan
- Windows Update (cannot get Windows SP3 to install; all other updates except IE8 are done)
- rootkit (see log below)
- OTL (see logs below)

Thanks in advance
- j :)


Here are the logs:

mbam:

Malwarebytes' Anti-Malware 1.37
Database version: 2259
Windows 5.1.2600 Service Pack 2

6/10/2009 2:53:57 PM
mbam-log-2009-06-10 (14-53-57).txt

Scan type: Quick Scan
Objects scanned: 103360
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


rootkit:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:76253 Mo/Free:1440 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - FAT32 - (Total:8016 Mo/Free:562 Mo)
G:\ [Fixed] - FAT32 - (Total:5261 Mo/Free:750 Mo)
H:\ [Fixed] - FAT32 - (Total:6263 Mo/Free:2342 Mo)

Thu 06/11/2009| 7:37

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\system32\cisvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\program files\common files\mcafee\mna\mcnasvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\DSentry.exe
---------- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
---------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
---------- C:\WINDOWS\System32\hkcmd.exe
---------- C:\WINDOWS\wanmpsvc.exe
---------- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
---------- C:\Program Files\McAfee.com\Agent\mcagent.exe
---------- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\DellSupport\DSAgnt.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\system32\cidaemon.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/31/2009|14:43
2 - "C:\Rooter$\Rooter_2.txt" - Thu 06/11/2009| 7:39

----------------------\\ Scan completed at 7:39

OTL

OTL logfile created on: 6/11/2009 7:42:28 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\tjmk\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 538.46 Mb Available Physical Memory | 52.69% Memory free
1.90 Gb Paging File | 1.47 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 21.41 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.83 Gb Total Space | 0.55 Gb Free Space | 7.01% Space Free | Partition Type: FAT32
Drive G: | 5.14 Gb Total Space | 4.73 Gb Free Space | 92.12% Space Free | Partition Type: FAT32
Drive H: | 6.12 Gb Total Space | 2.29 Gb Free Space | 37.40% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: D4J0FH31
Current User Name: tjmk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\tjmk\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\program files\common files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (uploadmgr [Auto | Stopped]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (EL90XBC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (i81x [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (iAimFP0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys (Intel® Corporation)
DRV - (iAimFP1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys (Intel® Corporation)
DRV - (iAimFP2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys (Intel® Corporation)
DRV - (iAimFP3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys (Intel® Corporation)
DRV - (iAimFP4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys (Intel® Corporation)
DRV - (iAimTV0 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys (Intel® Corporation)
DRV - (iAimTV1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys (Intel® Corporation)
DRV - (iAimTV3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys (Intel® Corporation)
DRV - (iAimTV4 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys (Intel® Corporation)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (UdfReadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/07 21:01:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/14 22:22:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/10 15:43:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/10 15:42:48 | 00,000,000 | ---D | M]

[2009/06/10 15:43:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tjmk\Application Data\mozilla\Extensions
[2009/06/10 15:43:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tjmk\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/10 15:43:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\tjmk\Application Data\mozilla\Firefox\Profiles\cms4woew.default\extensions
[2009/06/10 15:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/10 15:42:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/23 21:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 17:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 17:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 17:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 17:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 17:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 17:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 17:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304006 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10477 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C7768536-96F8-4001-B1A2-90EE21279187} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [Microsoft Works Update Detection] ࠳粑\WkDetect.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://appldnld.m7z....iTunesSetup.exe (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.co...76/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.co...clean_micro.exe (Reg Error: Key error.)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} https://cs8b.instant...erxsigned41.cab (CustomerCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,19/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.s...ta/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.s.../ActiveData.cab (ActiveDataObj Class)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://tahoehouse.vi...om/MpegInst.cab (pmpeg4cam Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: ppctlcab http://www.pestscan....er/ppctlcab.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Cribbage http://download.game...nts/y/it1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download.game...nts/y/tt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Towers 2.0 http://download.game...ts/y/ywt0_x.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/25 22:41:44 | 00,000,324 | ---- | M] () - F:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [1999/09/14 16:28:26 | 00,000,324 | -HS- | M] () - F:\autoexec.old -- [ FAT32 ]
O32 - AutoRun File - [1997/03/12 21:48:26 | 00,000,100 | -HS- | M] () - F:\autoexec.dos -- [ FAT32 ]
O32 - AutoRun File - [1994/12/21 10:18:06 | 00,000,528 | ---- | M] () - F:\AUTO.SAV -- [ FAT32 ]
O32 - AutoRun File - [2001/03/18 19:52:36 | 00,000,326 | ---- | M] () - F:\autoexec.nav -- [ FAT32 ]
O33 - MountPoints2\{34859915-2478-11de-a56d-00038a000015}\Shell\AutoRun\command - "" = J:\WDSetup.exe -- File not found
O33 - MountPoints2\{78b60621-8f49-11dd-a53e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{78b60621-8f49-11dd-a53e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78b60621-8f49-11dd-a53e-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c681b530-d3ba-11dd-a557-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{c681b530-d3ba-11dd-a557-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c681b530-d3ba-11dd-a557-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d995eaf2-5b4a-11db-a4ac-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{d995eaf2-5b4a-11db-a4ac-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d995eaf2-5b4a-11db-a4ac-00038a000015}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/11 07:41:41 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/11 07:41:41 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\tjmk\Desktop\OTL.exe
[2009/06/10 23:13:28 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 15:43:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tjmk\Application Data\Mozilla
[2009/06/10 15:42:52 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/10 12:08:39 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\tjmk\Desktop\NTREGOPT.lnk
[2009/06/10 12:08:38 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\tjmk\Desktop\ERUNT.lnk
[2009/06/10 12:08:14 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\tjmk\Desktop\erunt_setup.exe
[2009/06/10 12:07:04 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\tjmk\Desktop\SysRestorePoint.exe
[2009/06/10 11:27:21 | 00,264,704 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\tjmk\Desktop\TFC.exe
[2009/06/08 12:26:47 | 00,174,609 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.pdf
[2009/06/08 12:26:38 | 00,143,360 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.doc
[2009/06/08 11:54:43 | 00,036,748 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.docx
[2009/06/08 09:22:46 | 00,017,530 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\calendar_2009_10.pdf
[2009/06/03 20:43:01 | 00,067,323 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\5th grade yearbook update 06 03 09.pdf
[2009/06/02 14:32:22 | 00,033,280 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\office depot quote request 6 09 back.xls
[2009/06/02 13:37:47 | 00,215,466 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\Emoticons geekstogo.docx
[2009/06/02 00:04:23 | 00,015,935 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\office depot quote request 09.docx
[2009/05/31 14:41:01 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/31 14:40:52 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\tjmk\Desktop\Rooter.exe
[2009/05/31 14:40:36 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\Rooter.exe
[2009/05/30 20:00:24 | 00,011,673 | ---- | C] () -- C:\Documents and Settings\tjmk\My Documents\NEVER FULLY DRESSED LYRICS.docx
[2009/05/28 10:39:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/28 10:39:54 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/28 10:39:50 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/28 10:39:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/28 10:38:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/28 10:38:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/17 22:58:44 | 00,000,000 | ---D | C] -- C:\DOCUME~1\tjmk\Desktop\tom forms
[2008/10/10 16:48:51 | 00,000,083 | ---- | C] () -- C:\WINDOWS\kidcalc.INI
[2008/09/15 11:55:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/11 18:00:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Felix.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/29 21:37:14 | 00,000,378 | ---- | C] () -- C:\WINDOWS\DESKADV.INI
[2007/03/08 21:13:33 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/02/12 11:22:06 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/12 11:21:36 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2006/12/29 18:25:06 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/09/01 19:32:39 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/08/29 21:15:28 | 00,191,690 | ---- | C] () -- C:\WINDOWS\Copy of CCScore.ini
[2006/04/21 09:10:18 | 00,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2006/01/27 19:34:48 | 00,001,120 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2005/12/27 13:12:05 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/23 19:41:28 | 00,000,434 | ---- | C] () -- C:\WINDOWS\Operation.ini
[2005/09/25 17:43:38 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/09/25 17:42:10 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/09/25 15:41:31 | 00,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/09/25 14:25:41 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2005/07/02 07:47:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\System32\nuhk820l.ini
[2005/05/03 11:44:44 | 00,025,157 | ---- | C] () -- C:\WINDOWS\RMAgentOutput.dll
[2005/05/03 11:43:44 | 00,126,976 | ---- | C] () -- C:\WINDOWS\dllTSCLIBMT.dll
[2005/04/07 01:54:26 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\x517_256.dll
[2005/03/23 01:12:41 | 00,000,084 | ---- | C] () -- C:\WINDOWS\System32\nwsrmodn.dll
[2005/03/07 19:46:41 | 00,002,647 | ---- | C] () -- C:\WINDOWS\chpctrl.ini
[2004/11/12 18:53:46 | 00,000,530 | ---- | C] () -- C:\WINDOWS\tomr1.ini
[2004/10/01 17:33:46 | 00,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/29 08:30:46 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\devenum(5).dll
[2004/09/29 08:30:12 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(5).dll
[2004/09/29 08:29:46 | 01,246,208 | ---- | C] () -- C:\WINDOWS\System32\quartz(5).dll
[2004/09/20 14:06:52 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/09/20 14:05:59 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/09/20 14:05:39 | 01,246,208 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/09/20 10:47:14 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\devenum(3).dll
[2004/09/20 10:46:43 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(3).dll
[2004/09/20 10:46:20 | 01,246,208 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/18 16:15:58 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\devenum(4).dll
[2004/08/09 10:33:54 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/09 10:33:50 | 00,000,045 | ---- | C] () -- C:\WINDOWS\JFLHGLLN.ini
[2004/07/30 22:01:48 | 00,000,198 | ---- | C] () -- C:\WINDOWS\ACTIVITY.INI
[2004/07/24 11:00:38 | 00,100,864 | ---- | C] () -- C:\WINDOWS\keyhook3.dll
[2004/07/24 11:00:34 | 00,000,191 | ---- | C] () -- C:\WINDOWS\slideshow.ini
[2004/05/25 14:32:29 | 00,006,338 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004/04/28 13:57:03 | 00,001,063 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/04/17 09:57:32 | 00,000,057 | ---- | C] () -- C:\WINDOWS\SNAPFI~1.INI
[2004/03/28 19:18:56 | 00,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2004/03/15 21:17:33 | 00,272,619 | ---- | C] () -- C:\WINDOWS\CCScore.ini
[2004/03/13 11:30:47 | 00,000,688 | ---- | C] () -- C:\WINDOWS\alice.ini
[2004/03/12 11:25:00 | 00,000,734 | ---- | C] () -- C:\WINDOWS\pi^2.ini
[2004/03/12 11:22:32 | 00,000,530 | ---- | C] () -- C:\WINDOWS\tjmk.ini
[2004/03/12 09:52:10 | 00,004,779 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2004/03/12 09:52:10 | 00,004,558 | ---- | C] () -- C:\WINDOWS\chipsold.ini
[2004/03/12 09:52:10 | 00,001,061 | ---- | C] () -- C:\WINDOWS\andrewg.ini
[2004/03/12 09:52:10 | 00,000,836 | ---- | C] () -- C:\WINDOWS\symmetry.ini
[2004/03/12 09:52:10 | 00,000,753 | ---- | C] () -- C:\WINDOWS\tcclppgc.ini
[2004/03/12 09:52:10 | 00,000,733 | ---- | C] () -- C:\WINDOWS\adrienne.ini
[2004/03/12 09:52:10 | 00,000,702 | ---- | C] () -- C:\WINDOWS\computer.ini
[2004/03/12 09:52:10 | 00,000,674 | ---- | C] () -- C:\WINDOWS\tylers.ini
[2004/03/12 09:52:10 | 00,000,656 | ---- | C] () -- C:\WINDOWS\alicev1.ini
[2004/03/12 09:52:10 | 00,000,654 | ---- | C] () -- C:\WINDOWS\pi2.ini
[2004/03/12 09:52:10 | 00,000,632 | ---- | C] () -- C:\WINDOWS\angelfire1.ini
[2004/03/12 09:52:10 | 00,000,530 | ---- | C] () -- C:\WINDOWS\TCCLPpg.ini
[2004/03/12 09:52:10 | 00,000,530 | ---- | C] () -- C:\WINDOWS\pieguy.ini
[2004/02/22 18:42:24 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2004/01/28 14:11:39 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/01/03 01:11:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/12/15 19:54:34 | 00,000,278 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2003/12/10 18:10:54 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2003/11/30 01:03:25 | 00,000,326 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2003/11/08 19:33:03 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/08 18:20:36 | 00,004,776 | ---- | C] () -- C:\WINDOWS\entpackcclp2.ini
[2003/11/08 18:20:36 | 00,004,537 | ---- | C] () -- C:\WINDOWS\tchipset.ini
[2003/11/08 18:20:36 | 00,002,608 | ---- | C] () -- C:\WINDOWS\angelfire2.ini
[2003/11/08 18:20:36 | 00,001,450 | ---- | C] () -- C:\WINDOWS\pi2000.ini
[2003/11/08 18:20:36 | 00,001,216 | ---- | C] () -- C:\WINDOWS\jimmyv1.ini
[2003/11/08 18:20:36 | 00,000,963 | ---- | C] () -- C:\WINDOWS\jamesa1.ini
[2003/11/08 18:20:36 | 00,000,962 | ---- | C] () -- C:\WINDOWS\whint.ini
[2003/11/08 18:20:36 | 00,000,768 | ---- | C] () -- C:\WINDOWS\andrewg1.ini
[2003/11/08 18:20:36 | 00,000,710 | ---- | C] () -- C:\WINDOWS\kylew1.ini
[2003/11/08 18:20:36 | 00,000,637 | ---- | C] () -- C:\WINDOWS\skully1.ini
[2003/11/08 18:20:36 | 00,000,595 | ---- | C] () -- C:\WINDOWS\MichaelB1.ini
[2003/11/08 18:20:36 | 00,000,585 | ---- | C] () -- C:\WINDOWS\tryit.ini
[2003/11/08 18:20:36 | 00,000,534 | ---- | C] () -- C:\WINDOWS\pi.ini
[2003/11/08 18:20:35 | 00,004,650 | ---- | C] () -- C:\WINDOWS\alex.ini
[2003/11/08 18:20:35 | 00,000,564 | ---- | C] () -- C:\WINDOWS\wacky.ini
[2003/11/08 18:20:35 | 00,000,517 | ---- | C] () -- C:\WINDOWS\walkers.ini
[2003/11/08 17:22:57 | 00,005,418 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/10/30 10:55:46 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/10/30 10:49:34 | 00,000,890 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/10/30 10:48:19 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/10/30 10:41:37 | 00,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/10/30 10:28:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/10/30 10:14:04 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/05/30 10:00:02 | 01,246,208 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2002/12/11 23:14:32 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\msdmo(4).dll
[2002/12/05 17:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002/09/03 07:59:58 | 00,001,092 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 07:50:58 | 00,000,293 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/08/29 04:00:00 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_006062_.tmp.dll
[2002/08/29 04:00:00 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_006030_.tmp.dll
[2002/03/13 15:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/07/23 13:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/11/10 16:18:48 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Files - Modified Within 30 Days ==========

[2009/06/11 07:41:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\tjmk\Desktop\OTL.exe
[2009/06/11 07:24:51 | 00,031,855 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/06/11 07:22:37 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/06/11 07:21:54 | 00,000,062 | -HS- | M] () -- C:\DOCUME~1\tjmk\Local Settings\DESKTOP.INI
[2009/06/11 07:21:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/11 07:21:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/06/11 07:21:39 | 10,717,14304 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/11 07:21:39 | 00,444,512 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/10 23:16:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 15:42:52 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/10 15:35:58 | 00,000,006 | ---- | M] () -- C:\WINDOWS\System32\x517_256.dll
[2009/06/10 12:08:39 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\tjmk\Desktop\NTREGOPT.lnk
[2009/06/10 12:08:38 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\tjmk\Desktop\ERUNT.lnk
[2009/06/10 12:08:22 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\tjmk\Desktop\erunt_setup.exe
[2009/06/10 12:07:16 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\tjmk\Desktop\SysRestorePoint.exe
[2009/06/10 11:27:38 | 00,264,704 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\tjmk\Desktop\TFC.exe
[2009/06/08 12:28:50 | 00,174,609 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.pdf
[2009/06/08 12:26:40 | 00,143,360 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.doc
[2009/06/08 12:26:23 | 00,036,748 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\pta calendar 09-10.docx
[2009/06/08 09:22:46 | 00,017,530 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\calendar_2009_10.pdf
[2009/06/05 21:00:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\McAfee AntiSpyware.job
[2009/06/05 14:22:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/03 20:52:51 | 00,067,323 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\5th grade yearbook update 06 03 09.pdf
[2009/06/02 14:46:42 | 00,033,280 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\office depot quote request 6 09 back.xls
[2009/06/02 13:37:47 | 00,215,466 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\Emoticons geekstogo.docx
[2009/06/02 00:04:24 | 00,015,935 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\office depot quote request 09.docx
[2009/06/01 16:13:23 | 00,001,548 | ---- | M] () -- C:\DOCUME~1\tjmk\Desktop\CCleaner.lnk
[2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/01 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/05/31 14:41:00 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\tjmk\Desktop\Rooter.exe
[2009/05/31 14:40:38 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\Rooter.exe
[2009/05/30 20:13:14 | 00,011,673 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\NEVER FULLY DRESSED LYRICS.docx
[2009/05/29 21:57:47 | 00,001,092 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/28 10:39:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 00:24:06 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mssph.dll
[2009/05/15 17:20:53 | 00,083,968 | ---- | M] () -- C:\Documents and Settings\tjmk\My Documents\artshow class list 09.xls
[2009/05/15 01:00:00 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/05/12 15:12:14 | 00,026,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/05/12 15:12:14 | 00,016,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/05/12 11:04:47 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
< End of report >

extras:
OTL Extras logfile created on: 6/11/2009 7:42:28 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\tjmk\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 538.46 Mb Available Physical Memory | 52.69% Memory free
1.90 Gb Paging File | 1.47 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): C:\pagefile.sys 1022 1222 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 21.41 Gb Free Space | 28.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 7.83 Gb Total Space | 0.55 Gb Free Space | 7.01% Space Free | Partition Type: FAT32
Drive G: | 5.14 Gb Total Space | 4.73 Gb Free Space | 92.12% Space Free | Partition Type: FAT32
Drive H: | 6.12 Gb Total Space | 2.29 Gb Free Space | 37.40% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: D4J0FH31
Current User Name: tjmk
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{087004CC-46B3-4016-96DF-73595706776C}" = EZface ActiveX 209
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{1A5488D7-314D-4CBC-89BF-C5B59510BDBA}" = Finding Nemo
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25AF0BD1-DF07-4447-8E91-28E99617C556}" = DeadAIM
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6549AA0C-6D93-4E76-9A13-6A6A0AA4FD6D}" = TaxCut California 2008
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{733D0C6D-1561-11D6-B234-0050DACD394D}" = Playhouse Disney's Stanley Wild for Sharks
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78F261F7-C5A3-11D6-893F-0002A5E32BEF}" = Disneys Digital Coloring Book Featuring Mickey
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{9D98F245-3010-43C6-B3B0-67A464DA298E}" = ELNKInst
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B3350D7C-9D1B-44B3-A5A1-EDADC0D66109}" = Kid Pix Deluxe 4
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8E952E3-A823-443A-8493-39A0CCE0E3EB}" = HP Photo and Imaging 1.0 - Scanjet 3500c Series
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C769A271-7E1C-48F9-B331-474600DD4C01}" = Microsoft Picture It! Publishing Platinum 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}" = RssReader
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F82EB619-2205-11D6-B2F7-0002A5E32BEF}" = Disney's Lilo and Stitch Hawaiian Adventure
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"3DGroove" = OTOY
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"America Online us" = America Online
"AOL Instant Messenger" = AOL Instant Messenger
"AolCoach" = AOL Coach Version 1.0(Build:20020823.1)
"Ares" = Ares 1.8.1
"Big Kahuna Reef 2" = Big Kahuna Reef 2 (remove only)
"Cars - Radiator Springs Adventures" = Cars - Radiator Springs Adventures
"CCleaner" = CCleaner (remove only)
"CCTools_is1" = CCTools v1.2b
"ChipEnd_is1" = ChipEnd 1.00
"CleanUp!" = CleanUp!
"Clue" = Clue
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"Disney's Active Play, A Bug's Life" = Disney's Active Play, A Bug's Life
"Disneys Digital Coloring Book Featuring Toy Story 2" = Disneys Digital Coloring Book Featuring Toy Story 2
"DivX Codec" = Remove DivX Codec
"DivX Player" = DivX Player
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.2.5
"Easy Video Capture_is1" = Easy Video Capture 1.20
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Felix_is1" = Felix
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 1.99.1
"Hoyle Solitaire and Mahjong" = Hoyle Solitaire and Mahjong
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp instant support" = hp instant support
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inspector Parker" = Inspector Parker
"InstallShield_{1A5488D7-314D-4CBC-89BF-C5B59510BDBA}" = Finding Nemo
"InstallShield_{3476E8FA-00F1-48AF-8771-236C84FC7CB8}" = iPod for Windows 2005-01-11
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E}" = Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
"InterActual Player" = InterActual Player
"kazaalite202_is1" = Kazaa Lite K++ v2.4.2
"LimeWire" = LimeWire 4.9.37
"Little Mermaid II" = Little Mermaid II Return to the Sea
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Press Interactive Training" = Microsoft Interactive Training
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"Musicnotes Player" = Musicnotes Player
"Mysteries of Fire Island_is1" = Mysteries of Fire Island 1.00
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoPrint@Home" = Ofoto Print@Home ActiveX Control
"OpDKey" = Operation
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Pencil-Pal Kindergarten" = Pencil-Pal Kindergarten
"Q903235" = Internet Explorer Q903235
"RealArcade 1.2" = RealArcade
"Serious Backgammon" = Serious Backgammon
"Shockwave" = Shockwave
"slideshow Screen Saver" = slideshow Screen Saver
"Slingo Quest" = Slingo Quest (remove only)
"Snood_is1" = Snood for Windows version 3.52-W
"Solitaire Master 3" = Solitaire Master 3
"Stitch's Blazing Lasers" = Stitch's Blazing Lasers
"TaxCut Deluxe 2005" = TaxCut Deluxe 2005
"TaxCut Premium 2006" = TaxCut Premium 2006
"The Muppets" = The Muppets Screen Saver
"Timmy Nick Clickable_is1" = Timmy Nick Clickable
"Topsy" = Topsy Turvy Games
"Trillian" = Trillian
"Trivia Time" = Trivia Time
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonderland Adventures_is1" = Wonderland Adventures v1.00
"Wonderland v1.17_is1" = Wonderland v1.17
"Worms2" = Worms2
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer
"Yahoo! Mail AutoComplete" = Yahoo! Address AutoComplete
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/26/2009 3:00:42 PM | Computer Name = D4J0FH31 | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 5/27/2009 3:00:47 PM | Computer Name = D4J0FH31 | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 5/28/2009 3:01:04 PM | Computer Name = D4J0FH31 | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 5/29/2009 3:00:38 PM | Computer Name = D4J0FH31 | Source = MsiInstaller | ID = 11722
Description = Product: Windows Live Sign-in Assistant -- Error 1722. There is a
problem with this Windows Installer package. A program run as part of the setup
did not finish as expected. Contact your support personnel or package vendor. Action
RegisterWLLoginProxy, location: C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe, command: -regserver

Error - 5/30/2009 12:15:03 AM | Computer Name = D4J0FH31 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.2180, faulting module
comctl32.dll, version 6.0.2900.2982, fault address 0x00074740.

Error - 5/30/2009 3:12:01 AM | Computer Name = D4J0FH31 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/30/2009 3:12:01 AM | Computer Name = D4J0FH31 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/2/2009 5:31:52 PM | Computer Name = D4J0FH31 | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.2180, faulting module
comctl32.dll, version 6.0.2900.2982, fault address 0x00074740.

Error - 6/6/2009 3:13:39 AM | Computer Name = D4J0FH31 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/6/2009 3:13:39 AM | Computer Name = D4J0FH31 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ OSession Events ]
Error - 5/17/2009 1:36:01 PM | Computer Name = D4J0FH31 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/11/2009 2:38:56 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/11/2009 2:38:56 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 6/11/2009 2:38:56 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/11/2009 2:39:26 AM | Computer Name = D4J0FH31 | Source = DCOM | ID = 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.

Error - 6/11/2009 2:43:05 AM | Computer Name = D4J0FH31 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 6/11/2009 2:43:05 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 6/11/2009 2:43:05 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 6/11/2009 10:22:40 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7000
Description = The Upload Manager service failed to start due to the following error:
%%1079

Error - 6/11/2009 10:24:31 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 6/11/2009 10:24:37 AM | Computer Name = D4J0FH31 | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

Attached Thumbnails

  • mcafee2a.JPG
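
The installed-programs section of the OTL log above is worth reading before any removal tool is run: it shows eight Java runtimes installed side by side (1.4.2_03 through 6 Update 7), three peer-to-peer clients (Kazaa Lite, LimeWire, Ares) and Viewpoint Manager. Old Java runtimes were not removed by the installer of that era and each one stays on disk as an exploitable attack surface; P2P clients are a common infection path. The script below is an added example for this thread, not OTL, ComboFix or the poster's output. It parses lines in the OTL `"key" = Display Name` shape and groups them into those findings. The keyword lists are this example's own assumptions, and `SAMPLE` is a constructed excerpt copied from the listing.

```python
"""Triage an OTL 'Installed Programs' listing for the risk indicators a
malware-removal helper looks for first.

Added example for this thread; not OTL, ComboFix or the poster's output.
Input lines have the OTL shape
    "{GUID-or-uninstall-key}" = Display Name
Flags: (1) several Java runtimes installed side by side (only the newest is
current; the rest stay installed and exploitable), (2) peer-to-peer clients,
(3) bundled helper software that removal guides routinely uninstall.
The keyword lists are assumptions of this example; SAMPLE is a constructed
excerpt of the listing posted above.
"""
import re
from typing import Dict, List, Optional, Tuple

# "key" = display name  (OTL prints the uninstall key, then the display name)
LINE_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# "5.0 Update 6" -> (5, 6); "6 Update 7" -> (6, 7)
JAVA_UPDATE_RE = re.compile(r"\b(\d+)(?:\.0)?\s+Update\s+(\d+)")
# Legacy 1.x numbering: "v1.4.2_03" -> (4, 3)
JAVA_LEGACY_RE = re.compile(r"\bv1\.(\d)\.\d+_(\d+)")

# Assumed keyword lists, matched as whole words on the lower-cased name.
P2P_CLIENTS = ("kazaa", "limewire", "ares", "bearshare", "morpheus", "emule")
BUNDLEWARE = ("viewpoint",)

# Constructed excerpt of the OTL listing in the post above (same line format).
SAMPLE = """\
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"Ares" = Ares 1.8.1
"CCleaner" = CCleaner (remove only)
"kazaalite202_is1" = Kazaa Lite K++ v2.4.2
"LimeWire" = LimeWire 4.9.37
"MSC" = McAfee SecurityCenter
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"""


def parse_programs(text: str) -> List[Tuple[str, str]]:
    """Return (uninstall_key, display_name) pairs; other lines are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pairs.append((m.group("key"), m.group("name")))
    return pairs


def java_version(name: str) -> Optional[Tuple[int, int]]:
    """(major, update) for a Java runtime display name, None for anything else."""
    low = name.lower()
    if "java" not in low and "j2se" not in low:
        return None
    m = JAVA_UPDATE_RE.search(name) or JAVA_LEGACY_RE.search(name)
    return (int(m.group(1)), int(m.group(2))) if m else None


def _has_keyword(name: str, keywords) -> bool:
    """Whole-word, case-insensitive match so 'ares' does not hit 'shares'."""
    low = name.lower()
    return any(re.search(r"\b" + re.escape(k) + r"\b", low) for k in keywords)


def triage(text: str) -> Dict[str, List[str]]:
    """Group the listing into the findings a helper would act on."""
    programs = parse_programs(text)
    javas = []
    for _, name in programs:
        v = java_version(name)
        if v is not None:
            javas.append((v, name))
    newest = max((v for v, _ in javas), default=None)
    return {
        # Only the highest (major, update) pair is current ...
        "newest_java": [n for v, n in javas if v == newest],
        # ... every other runtime is an old, still-installed attack surface.
        "stale_java": [n for v, n in javas if v != newest],
        "p2p": [n for _, n in programs if _has_keyword(n, P2P_CLIENTS)],
        "bundleware": [n for _, n in programs if _has_keyword(n, BUNDLEWARE)],
    }


if __name__ == "__main__":
    for label, names in triage(SAMPLE).items():
        print(f"{label}:")
        for n in names:
            print(f"  {n}")
```

Run it against a saved OTL log by replacing `SAMPLE` with the file contents; on the listing above it reports Java 6 Update 7 as the only current runtime, seven stale runtimes, the three P2P clients and both Viewpoint entries. The version parser deliberately handles both the "N.0 Update M" and the older "v1.x.y_zz" naming, because a machine this old carries both.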



#2
sage5 (Retired Staff, 2,646 posts; RIP 10/2009)

Hi tjmk,

Welcome back,

Sorry for the delay in getting to you.

OK, on with the fix:

This is a similar looking infection, to the other machine, so I think we go down the same path.

First I need you to download the following tools & save them to your Desktop.
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

#3
tjmk (Topic Starter, Member, 38 posts)

Hi,
Thanks for coming back, Sage5. No apologies needed. I totally understand that there are lots of people asking for help here, and of course life outside this has to happen too. I appreciate the help you all offer!

Here is the ComboFix log:

ComboFix 09-06-15.07 - tjmk 06/16/2009 8:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.475 [GMT -7:00]
Running from: c:\documents and settings\tjmk\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\patch.exe
c:\windows\system32\_002748_.tmp.dll
c:\windows\system32\_002754_.tmp.dll
c:\windows\system32\_002927_.tmp.dll
c:\windows\system32\_002928_.tmp.dll
c:\windows\system32\_002929_.tmp.dll
c:\windows\system32\_002930_.tmp.dll
c:\windows\system32\_002937_.tmp.dll
c:\windows\system32\_002938_.tmp.dll
c:\windows\system32\_002939_.tmp.dll
c:\windows\system32\_002941_.tmp.dll
c:\windows\system32\_002942_.tmp.dll
c:\windows\system32\_002945_.tmp.dll
c:\windows\system32\_002946_.tmp.dll
c:\windows\system32\_002948_.tmp.dll
c:\windows\system32\_002949_.tmp.dll
c:\windows\system32\_002950_.tmp.dll
c:\windows\system32\_002952_.tmp.dll
c:\windows\system32\_002953_.tmp.dll
c:\windows\system32\_002954_.tmp.dll
c:\windows\system32\_002955_.tmp.dll
c:\windows\system32\_002959_.tmp.dll
c:\windows\system32\_002960_.tmp.dll
c:\windows\system32\_002962_.tmp.dll
c:\windows\system32\_002965_.tmp.dll
c:\windows\system32\_002967_.tmp.dll
c:\windows\system32\_002968_.tmp.dll
c:\windows\system32\_002969_.tmp.dll
c:\windows\system32\_002970_.tmp.dll
c:\windows\system32\_002973_.tmp.dll
c:\windows\system32\_002975_.tmp.dll
c:\windows\system32\_002976_.tmp.dll
c:\windows\system32\_002977_.tmp.dll
c:\windows\system32\_002981_.tmp.dll
c:\windows\system32\_002983_.tmp.dll
c:\windows\system32\_003037_.tmp.dll
c:\windows\system32\_003043_.tmp.dll
c:\windows\system32\_003216_.tmp.dll
c:\windows\system32\_003217_.tmp.dll
c:\windows\system32\_003218_.tmp.dll
c:\windows\system32\_003219_.tmp.dll
c:\windows\system32\_003226_.tmp.dll
c:\windows\system32\_003227_.tmp.dll
c:\windows\system32\_003228_.tmp.dll
c:\windows\system32\_003230_.tmp.dll
c:\windows\system32\_003231_.tmp.dll
c:\windows\system32\_003234_.tmp.dll
c:\windows\system32\_003235_.tmp.dll
c:\windows\system32\_003237_.tmp.dll
c:\windows\system32\_003238_.tmp.dll
c:\windows\system32\_003239_.tmp.dll
c:\windows\system32\_003241_.tmp.dll
c:\windows\system32\_003242_.tmp.dll
c:\windows\system32\_003243_.tmp.dll
c:\windows\system32\_003244_.tmp.dll
c:\windows\system32\_003245_.tmp.dll
c:\windows\system32\_003619_.tmp.dll
c:\windows\system32\_003620_.tmp.dll
c:\windows\system32\_003621_.tmp.dll
c:\windows\system32\_003622_.tmp.dll
c:\windows\system32\_003629_.tmp.dll
c:\windows\system32\_003630_.tmp.dll
c:\windows\system32\_003631_.tmp.dll
c:\windows\system32\_003633_.tmp.dll
c:\windows\system32\_003634_.tmp.dll
c:\windows\system32\_003637_.tmp.dll
c:\windows\system32\_003638_.tmp.dll
c:\windows\system32\_003640_.tmp.dll
c:\windows\system32\_003641_.tmp.dll
c:\windows\system32\_003642_.tmp.dll
c:\windows\system32\_003644_.tmp.dll
c:\windows\system32\_003647_.tmp.dll
c:\windows\system32\_003648_.tmp.dll
c:\windows\system32\_003652_.tmp.dll
c:\windows\system32\_003653_.tmp.dll
c:\windows\system32\_003655_.tmp.dll
c:\windows\system32\_003658_.tmp.dll
c:\windows\system32\_003660_.tmp.dll
c:\windows\system32\_003661_.tmp.dll
c:\windows\system32\_003662_.tmp.dll
c:\windows\system32\_003663_.tmp.dll
c:\windows\system32\_003666_.tmp.dll
c:\windows\system32\_003667_.tmp.dll
c:\windows\system32\_003668_.tmp.dll
c:\windows\system32\_003669_.tmp.dll
c:\windows\system32\_003670_.tmp.dll
c:\windows\system32\_003675_.tmp.dll
c:\windows\system32\_003677_.tmp.dll
c:\windows\system32\_003678_.tmp.dll
c:\windows\system32\_004008_.tmp.dll
c:\windows\system32\_004009_.tmp.dll
c:\windows\system32\_004010_.tmp.dll
c:\windows\system32\_004011_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004019_.tmp.dll
c:\windows\system32\_004020_.tmp.dll
c:\windows\system32\_004022_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004026_.tmp.dll
c:\windows\system32\_004027_.tmp.dll
c:\windows\system32\_004029_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004031_.tmp.dll
c:\windows\system32\_004033_.tmp.dll
c:\windows\system32\_004036_.tmp.dll
c:\windows\system32\_004037_.tmp.dll
c:\windows\system32\_004041_.tmp.dll
c:\windows\system32\_004042_.tmp.dll
c:\windows\system32\_004044_.tmp.dll
c:\windows\system32\_004047_.tmp.dll
c:\windows\system32\_004049_.tmp.dll
c:\windows\system32\_004050_.tmp.dll
c:\windows\system32\_004051_.tmp.dll
c:\windows\system32\_004052_.tmp.dll
c:\windows\system32\_004055_.tmp.dll
c:\windows\system32\_004056_.tmp.dll
c:\windows\system32\_004057_.tmp.dll
c:\windows\system32\_004058_.tmp.dll
c:\windows\system32\_004059_.tmp.dll
c:\windows\system32\_004064_.tmp.dll
c:\windows\system32\_004066_.tmp.dll
c:\windows\system32\_004067_.tmp.dll
c:\windows\system32\_006019_.tmp.dll
c:\windows\system32\_006020_.tmp.dll
c:\windows\system32\_006021_.tmp.dll
c:\windows\system32\_006022_.tmp.dll
c:\windows\system32\_006029_.tmp.dll
c:\windows\system32\_006030_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006034_.tmp.dll
c:\windows\system32\_006035_.tmp.dll
c:\windows\system32\_006038_.tmp.dll
c:\windows\system32\_006039_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006043_.tmp.dll
c:\windows\system32\_006045_.tmp.dll
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006048_.tmp.dll
c:\windows\system32\_006049_.tmp.dll
c:\windows\system32\_006053_.tmp.dll
c:\windows\system32\_006054_.tmp.dll
c:\windows\system32\_006056_.tmp.dll
c:\windows\system32\_006059_.tmp.dll
c:\windows\system32\_006061_.tmp.dll
c:\windows\system32\_006062_.tmp.dll
c:\windows\system32\_006063_.tmp.dll
c:\windows\system32\_006064_.tmp.dll
c:\windows\system32\_006065_.tmp.dll
c:\windows\system32\_006068_.tmp.dll
c:\windows\system32\_006069_.tmp.dll
c:\windows\system32\_006070_.tmp.dll
c:\windows\system32\_006071_.tmp.dll
c:\windows\system32\_006072_.tmp.dll
c:\windows\system32\_006077_.tmp.dll
c:\windows\system32\_006079_.tmp.dll
c:\windows\system32\_006080_.tmp.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\w.e
c:\windows\system32\x517_256.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-10 22:43 . 2009-06-10 22:43 -------- d-----w- c:\documents and settings\tjmk\Local Settings\Application Data\Mozilla
2009-06-10 04:08 . 2009-06-10 04:08 152576 ----a-w- c:\documents and settings\tjmk\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-05-31 21:41 . 2009-06-11 14:39 -------- d-----w- C:\Rooter$
2009-05-28 17:39 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 17:39 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-28 17:39 . 2009-05-28 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-28 17:38 . 2009-06-10 19:08 -------- d-----w- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-11 14:21 . 2008-10-12 00:42 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-11 06:43 . 2008-10-11 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 04:11 . 2004-01-07 00:01 -------- d-----w- c:\program files\Java
2009-06-01 17:03 . 2003-11-08 20:53 143808 ----a-w- c:\documents and settings\tjmk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 05:04 . 2008-10-11 22:24 -------- d-----w- c:\program files\Microsoft Works
2009-05-28 00:42 . 2005-10-29 17:31 -------- d-----w- c:\program files\LimeWire
2009-05-25 07:24 . 2008-05-27 05:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-21 18:33 . 2008-12-15 05:23 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 22:50 . 2007-02-11 19:43 -------- d-----w- c:\documents and settings\tjmk\Application Data\SiteAdvisor
2009-05-12 22:12 . 2004-09-29 15:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:44 . 2008-10-12 22:27 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 02:10 . 2004-09-21 15:50 -------- d-----w- c:\program files\McAfee
2009-04-29 04:56 . 2006-09-02 02:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-09-02 04:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 17:25 . 2006-04-26 03:54 -------- d-----w- c:\program files\Google
2009-04-17 09:58 . 2008-10-12 22:27 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2006-09-02 02:32 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-08 21:55 . 2009-04-08 21:51 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-04-08 02:58 . 2009-04-08 02:58 152576 ----a-w- c:\documents and settings\tjmk\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 23:29 . 2009-04-02 23:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-25 18:06 . 2007-02-11 19:37 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 18:06 . 2007-02-11 19:37 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 18:06 . 2007-02-11 19:37 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 18:06 . 2007-02-11 19:37 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 18:05 . 2007-02-11 19:37 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 23:32 . 2008-01-29 19:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2005-09-12 18:10 . 2005-09-12 18:11 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-12-24 19:02 . 2004-12-24 19:02 53955480 ----a-w- c:\program files\DesignPro5_2_Limited.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="???\WkDetect.exe" [?]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-22 155648]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"DeadAIM"="c:\program files\AIM\\DeadAIM.ocm" [2003-02-25 266313]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-22 126976]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-01-17 36904]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-10-30 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:03 PM 24652]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:42]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-11 17:53]

2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-11 17:53]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://tahoehouse.viewnetcam.com/MpegInst.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 08:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\mapi\Shell]
@DACL=(02 0000)
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1700)
c:\program files\SiteAdvisor\6253\saHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-16 8:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 15:45

Pre-Run: 22,531,518,464 bytes free
Post-Run: 22,400,552,960 bytes free

343 --- E O F --- 2009-05-29 19:00

#4 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Hi tjmk,

I see you have Kazaa & LimeWire installed on your system.
While these programs themselves are legal, most of the files downloaded with them, are not.
These programs can also be some of the major infection routes for an otherwise secure PC, because you might be unknowingly downloading infected files.
I highly recommend uninstalling Kazaa & LimeWire as outlined below.

The whole use of P2P (Peer to Peer) programs, like Kazaa & LimeWire, is risky for a number of reasons:
I will just deal with the security issues, without opening the ethical/copyright can of worms.

a) Most of these apps require some form of port forwarding. This involves forcing router ports to be open to the internet, reducing the security of your hardware/software firewall.

b) You have no way of knowing that what you are downloading is infected/compromised.

c) You also have no way of knowing what potentially harmful malware is running on the PCs you are connected to.

d) Many of the P2P & crack/keygen sites are responsible for "drive-by" infections, which then load other malware onto your PC later.

d) Many of the cracks & keygens, provided via torrents/P2P, are infected with Trojans, which then load other malware onto your PC later.


Kazaa Lite K++ v2.4.2
LimeWire 4.9.37

J2SE Runtime Environment 5.0 Update 6 --> old/outdated Java versions are a serious security risk.
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 5
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03

HijackThis 1.99.1 --> pretty well obsolete
America Online --> all these are optional to remove, but if you aren't using them, then go ahead.
AOL Instant Messenger
AOL Coach Version 1.0(Build:20020823.1)
MUSICMATCH Jukebox
Viewpoint Media Player
Yahoo! Toolbar for Internet Explorer
Yahoo! Address AutoComplete
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Toolbar
Yahoo! Photos Print-at-Home Tool


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Scroll down to where it says JRE 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Operating System Platform, & Language and check the box that says: Java SE Runtime Environment 6u14 with JavaFX 1 License Agreement.
  • Click on Continue.
  • Click on the link to download jre-6u14-windows-i586.exe & save to your Desktop.
  • Close all programs you may have running - especially your web browser, then double click on the jre-6u14-windows-i586.exe
    Note: this version should uninstall all the previous versions from your PC
    (Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")

Proceed with the Scan:
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following are checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place, like C:\kasper.txt
  • Please post this log in your next reply.

Cheers,

sage5

Edited by sage5, 16 June 2009 - 05:03 PM.


#5 tjmk (Topic Starter, Member, 38 posts)
hi sage5

ok, after last weeks work on the laptop, i'd already decided to dump kazaa and limewire. they haven't been used in years anyway. i just hadn't gotten that far and figured it would be in your instructions (as they are now).

question: in the middle of your post, something seems missing. after a,b,c,d,d reasons, you list a bunch of what looks to be suggestions of files/programs to delete. did you want me to go into add/remove programs and delete these? i believe that's what we did on the other computer. anyway, read over your last post and see if this makes sense and also, if there is any other instructions left out before kaspersky.

i'll wait for your reply.

thanks

#6 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Yes. Delete those applications first.
Then click on the Kaspersky Webscanner link
Update Java if required.
Follow the instructions under Proceed with the Scan:

#7 tjmk (Topic Starter, Member, 38 posts)
whew - long scan. but good news it did work!

here is the kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 17, 2009 01:02:33
Records in database: 2353079
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 268154
Threat name: 15
Infected objects: 20
Suspicious objects: 0
Duration of the scan: 05:54:21


File name / Threat name / Threats count
C:\SETUP_ARES.EXE Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
C:\SETUP_ARES.EXE Infected: not-a-virus:AdWare.Win32.NavExcel.g 1
C:\SETUP_ARES.EXE Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\SETUP_ARES.EXE Infected: not-a-virus:AdWare.Win32.NavExcel.b 1
C:\SETUP_ARES.EXE Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
F:\zipperfiles\odd stuff\findnemo.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
F:\zipperfiles\odd stuff\findnemo.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
F:\Documents and Settings\tjmk\Application Data\Identities\{4A7F6C00-5FF4-11D3-A160-9EDC1036BC27}\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Swen 1
F:\Documents and Settings\Michael\Local Settings\Temp\IPinsight.EXE Infected: Trojan-Downloader.Win32.Stubby.b 1
F:\Documents and Settings\Kari\Local Settings\Temporary Internet Files\Content.IE5\7NPEHRVW\marinefreed9[1].exe Infected: not-a-virus:AdWare.Win32.SaveNow.c 1
F:\Documents and Settings\Kari\Local Settings\Temporary Internet Files\Content.IE5\7NPEHRVW\marinefreed9[1].exe Infected: not-a-virus:AdWare.Win32.SaveNow.af 2
F:\Documents and Settings\Kari\Local Settings\Temporary Internet Files\Content.IE5\7NPEHRVW\marinefreed9[1].exe Infected: not-a-virus:AdWare.Win32.SaveNow.v 3
F:\Documents and Settings\Kari\Local Settings\Temporary Internet Files\Content.IE5\7NPEHRVW\marinefreed9[1].exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
F:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1398\A0105531.exe Infected: not-a-virus:AdWare.Win32.CommonName.p 1
H:\zipperfiles\findnemo.exe Infected: not-a-virus:AdWare.Win32.Gator.3103 1
H:\zipperfiles\findnemo.exe Infected: not-a-virus:AdWare.Win32.IGetNet.a 1
H:\WINDOWS\outlook.pst Infected: Email-Worm.Win32.Happy 1

The selected area was scanned.

#8 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Now we have a bit of an issue:

F:\Documents and Settings\tjmk\Application Data\Identities\{4A7F6C00-5FF4-11D3-A160-9EDC1036BC27}\Microsoft\Outlook Express\Inbox.dbx
H:\WINDOWS\outlook.pst

The top infected file is the Inbox for Outlook Express, the 2nd is, I believe, a backup file of a past Outlook Inbox.

QUESTION:
Which of these 2 clients do you use?

These infections are very tricky to fix, because you obviously cannot delete the file.
If you use Outlook Express(OE), you can delete the Outlook file.
If you use Outlook, you can just delete the OE inbox file.

To fix the other, there is really nothing for it but to get in, open the client software & delete all emails with attachments.
Let me know how you get on.

When you are done, go back to the Kaspersky Online Scanner.
I'm not sure if you can point the scanner at individual files, but you certainly can direct it to a folder.
When asked where to scan, either point it directly to the remaining inbox file, or to the folder containing the remaining inbox file.
ie, either H:\WINDOWS\ or
F:\Documents and Settings\tjmk\Application Data\Identities\{4A7F6C00-5FF4-11D3-A160-9EDC1036BC27}\Microsoft\Outlook Express\

Let the scan complete & send me the scan report.

#9 tjmk (Topic Starter, Member, 38 posts)
good morning.

i use outlook express on the C: drive. drives F, G, and H are on a secondary slave hard drive (partitioned) from a former computer. i have a few files there that i still use and never cleared out the rest of the junk.

so the question now is: can i delete both of those and not compromise the outlook files i do use?

#10 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Run this last fix & we will get the lot:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    
    :Files
    C:\SETUP_ARES.EXE
    F:\zipperfiles\odd stuff\findnemo.exe
    H:\zipperfiles\findnemo.exe
    F:\Documents and Settings\tjmk\Application Data\Identities\{4A7F6C00-5FF4-11D3-A160-9EDC1036BC27}\Microsoft\Outlook Express\Inbox.dbx
    H:\WINDOWS\outlook.pst
    
    :Commands
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered & reboot if necessary.

With that done, your PC looks clear, so we can now deal with some final clean up jobs.

Clean out temp files etc:
Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    NOTE: It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process.
    Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
  • Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Cleanup with OTL:
  • Please double-click OTL.exe to run it.
  • Click the Clean up button
  • Click NO at the restart prompt (We will do that in a moment.)

To Clear Restore points, please do the following:
  • Go to Start > Control Panel.
  • Double-click the System icon.
    • NOTE: If the System icon is not visible, click "View all Control Panel options" to display it.
  • Click the System Restore tab.
  • Put a check by Disable System Restore.
  • Click Apply, OK, OK. Click Yes if you are prompted to restart Windows. Otherwise Reboot normally.
After reboot, you must turn System Restore back on:
  • Go back to the System Restore tab.
  • UNcheck Disable System Restore.
  • Click Apply, OK, OK. Click Yes if you are prompted to restart Windows.

Lastly, some extra or better security for your PC:

The programs recommended below are freeware alternatives to some of your security software & might reduce the potential for spyware infection in the future:-

Spyware Prevention:
Spyware Blaster by JavaCool Software, prevents spyware installing and consumes no system resources.
IE/SpyAd, stops suspect sites loading ActiveX, popups etc onto your PC. An excellent tutorial is Here

Spyware Detection:
Malwarebytes Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.htm) is my favourite here.

Anti-Virus:
The first line of defence, especially since some will now detect trojans as well.
Avira's Avira AntiVir Personal and Grisoft's Avast! Free Edition are among the best freebies.
*Please note* You should never install more than one anti-virus program on a PC, as it will cause conflicts.

Firewall:
A Firewall is an essential tool in the security of any PC connected to the Internet.
Sunbelt Personal Firewall and Comodo are both excellent freeware.

Alternate Browsers:
Thankfully, there are now some excellent alternatives to MS Internet Explorer. They offer better security, more stability, and better speed.
A couple of good examples are: Firefox and Opera

Other Updates:
Vital security patches and updates are available for Microsoft Windows and Internet Explorer at the Windows Update Site
It is equally important to update the other security software you use, on a regular basis.

Further reading about these issues is available in a very good article: How did I get infected in the first place ? (by Tony Klein and dvk01)

All the best & safe surfing in the future,

sage5

#11 tjmk (Topic Starter, Member, 38 posts)
thanks again sage5

i (obviously) have mcafee security center, which includes spyware detector, av, firewall, etc. is this sufficient security. i know there are free ones out there, but aside from cost, i'm interested to know if it does the jobs well.

alternate browser: i've recently gotten firefox on this machine, but it seems to take a minute to load (small annoyance). safari for pc has been suggested, what do you think of that program.

again, my thanks for the help and support!

:) - cheers
-j

#12 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Hi tjmk,

1. I have never personally been a fan of the "Security Suite" approach of the software companies.
Speaking generally, the suites are comprised of:
a) whatever security application(s) the parent company produces, ie anti-virus, firewall etc, plus
b) 3rd party applications, sourced by licence/takeover/buyout, & re-badged, to make up the rest of the suite.
In order to get the various parts to "play nicely" with each other, compromises in coding have to be made. Sometimes this results in reduced effectiveness of the components, but more often you end up with some serious "bloatware", like a 500lb gorilla in your PC.

2. By steering away from the major players, you are also less likely to be targeted by malware that can shut your system down.
I use:
Antivirus: AntiVir, however Avast & Nod32 run a pretty close second (I use the paid version, but the freeware one is very nearly as good).
Firewall: Comodo (free)
Spyware Blaster - ActiveX blocker. (I don't use a "real time" anti-malware app.)
Spyware/malware: Malwarebytes Antimalware (once a week scan)
Browser: Firefox, (much better/quicker security updates than MS)
Email client: Thunderbird

I think the slow load time for Firefox, may be an "over-active" security setup.
Try this:
Open Firefox, browse to Google & set it as the homepage, via Tools > Options > Main (so you are not going to some slow loading & potentially "un-secure" site).
Close Firefox.
Temporarily disable all the McAfee stuff.
Launch Firefox & time the opening speed for the page. Mine is 3 seconds to "Done" message at lower left of Status Bar.

Edited by sage5, 17 June 2009 - 05:48 PM.


#13 tjmk (Topic Starter, Member, 38 posts)
thanks sage5

i guess i have some decisions and choices. at least my machine is clean for the moment.

you've been great. hope i don't need you folks again... good to know you are here if i do!

- j :)

#14 tjmk (Topic Starter, Member, 38 posts)
well, the overnight scan by mcafee found "potentially unwanted program - adware - gohip - in registry key: hkcr\WebCom.WebBar"

i looked at it with regedit, there is webcom.webbar and webcom.webbar.1. clicking on it brings an error "cannot open webcom.webbar: error while opening key"

this happens every week, even though we just cleaned this machine.

any suggestions?

#15 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Did you keep the Malwarebytes Antimalware on your PC?
If so, make sure that you Update it first, then do a scan with it and send me the new log created.
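An added note and script for the locked-key problem in post #14; this is not part of the thread and not code from McAfee, ComboFix or the posters. The regedit message "cannot open WebCom.WebBar: error while opening key" is the usual symptom of a registry key whose DACL has been rewritten to deny everyone access, which is also what ComboFix is reporting in its "LOCKED REGISTRY KEYS" section when it prints a raw @DACL line instead of the key's contents. McAfee cannot delete such a key for the same reason regedit cannot open it. Because catchme found no hidden items on this machine, a permissions lock is the more likely cause than a rootkit-hidden key, and that is the assumption the script below works under. It needs PowerShell 2.0 or later in an elevated session: it enables SeTakeOwnershipPrivilege in its own token, takes ownership of the key (a DACL cannot refuse WRITE_OWNER to a token holding that privilege), records and replaces the DACL, exports the key, follows the ProgID's CLSID to the COM server DLL that registered it, and only then deletes. The key names are the two regedit showed; every other name, path and helper here is mine.

```powershell
# Added example for this thread, not code from the posts, McAfee or ComboFix.
# Assumption: the key cannot be opened because its DACL was rewritten to deny
# access. Fix: enable SeTakeOwnershipPrivilege, take ownership, replace the
# DACL, record and export the key, then delete it. PowerShell 2.0+, elevated.

Add-Type -Namespace Win32 -Name Priv -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)] public struct LUID { public uint Low; public int High; }
[StructLayout(LayoutKind.Sequential)] public struct TOKPRIV { public int Count; public LUID Luid; public int Attr; }
[DllImport("advapi32.dll", SetLastError = true)] static extern bool OpenProcessToken(IntPtr h, int access, out IntPtr tok);
[DllImport("advapi32.dll", SetLastError = true)] static extern bool LookupPrivilegeValue(string sys, string name, out LUID luid);
[DllImport("advapi32.dll", SetLastError = true)] static extern bool AdjustTokenPrivileges(IntPtr tok, bool disableAll, ref TOKPRIV np, int len, IntPtr prev, IntPtr ret);
[DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
// Enable one privilege in the current token. 0x28 = TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,
// Attr 2 = SE_PRIVILEGE_ENABLED. AdjustTokenPrivileges returns TRUE even when the
// privilege is not held (ERROR_NOT_ALL_ASSIGNED), so the last error is checked as well.
public static bool Enable(string name) {
    IntPtr tok; if (!OpenProcessToken(GetCurrentProcess(), 0x28, out tok)) return false;
    TOKPRIV tp; tp.Count = 1; tp.Attr = 2;
    if (!LookupPrivilegeValue(null, name, out tp.Luid)) return false;
    return AdjustTokenPrivileges(tok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero) && Marshal.GetLastWin32Error() == 0;
}
'@

function Unlock-RegistryKey {
    # Take ownership of $Hive\$SubKey, replace its DACL with Administrators:FullControl,
    # then do the same for every subkey (the adware may have protected those too).
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,
        [Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::ClassesRoot
    )
    if (-not [Win32.Priv]::Enable('SeTakeOwnershipPrivilege')) { throw 'Run this from an elevated session' }
    $admins = New-Object System.Security.Principal.NTAccount('BUILTIN\Administrators')
    $rw = [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree

    # Step 1: ask only for WRITE_OWNER. The DACL cannot refuse that to a token with
    # SeTakeOwnershipPrivilege enabled, which is why this opens where regedit fails.
    $key = $Hive.OpenSubKey($SubKey, $rw, [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    if ($null -eq $key) { throw "Key not found: $($Hive.Name)\$SubKey" }
    $sd = New-Object System.Security.AccessControl.RegistrySecurity   # fresh SD: only the owner is written
    $sd.SetOwner($admins)
    $key.SetAccessControl($sd)
    $key.Close()

    # Step 2: an owner implicitly holds READ_CONTROL and WRITE_DAC, so the old DACL can
    # now be read (kept for the record) and replaced with a protected, known-good one.
    $key = $Hive.OpenSubKey($SubKey, $rw, [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions')
    $old = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    Write-Host "$SubKey previous DACL: $($old.GetSecurityDescriptorSddlForm('Access'))"
    $sd = New-Object System.Security.AccessControl.RegistrySecurity
    $sd.SetAccessRuleProtection($true, $false)
    $sd.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
        $admins,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)))
    $key.SetAccessControl($sd)
    $key.Close()

    # Step 3: recurse into children, which may carry their own protected DACLs.
    $key = $Hive.OpenSubKey($SubKey, $false)
    foreach ($child in $key.GetSubKeyNames()) { Unlock-RegistryKey -SubKey "$SubKey\$child" -Hive $Hive }
    $key.Close()
}

function Remove-LockedRegistryKey {
    # Unlock, export a copy, show which COM server DLL the ProgID resolves to, delete.
    param(
        [Parameter(Mandatory = $true)][string]$SubKey,
        [Microsoft.Win32.RegistryKey]$Hive = [Microsoft.Win32.Registry]::ClassesRoot
    )
    Unlock-RegistryKey -SubKey $SubKey -Hive $Hive
    $backup = Join-Path $env:TEMP (($SubKey -replace '[\\/:*?"<>|]', '_') + '.reg')
    if (Test-Path $backup) { Remove-Item $backup }      # reg.exe would otherwise prompt to overwrite
    & reg.exe export "$($Hive.Name)\$SubKey" $backup | Out-Null
    # A ProgID's CLSID subkey names the class; HKCR\CLSID\{...}\InprocServer32 names the DLL.
    $clsidKey = $Hive.OpenSubKey("$SubKey\CLSID")
    if ($clsidKey) {
        $clsid = $clsidKey.GetValue(''); $clsidKey.Close()
        $srv = $Hive.OpenSubKey("CLSID\$clsid\InprocServer32")
        if ($srv) { Write-Host "$SubKey -> $clsid -> $($srv.GetValue(''))"; $srv.Close() }
    }
    $Hive.DeleteSubKeyTree($SubKey)
    Write-Host "Deleted $($Hive.Name)\$SubKey (backup: $backup)"
}

# The two ProgIDs regedit listed in this thread; everything else here is assumed.
foreach ($k in 'WebCom.WebBar', 'WebCom.WebBar.1') { Remove-LockedRegistryKey -SubKey $k }
```

Three caveats a practitioner would want. First, the "-> DLL" line is the useful output: the HKCR\CLSID\{...} subtree it points to, and the DLL it names, are the actual adware and need the same unlock-and-remove treatment, plus a check of whether that DLL is loaded in any process. Second, McAfee finding the key again every week means something still running re-creates it; deleting the key is cosmetic until that writer is found, which is exactly why an updated Malwarebytes log is the right next step. Third, if Step 1 fails with access denied even from an elevated session, the key is not merely DACL-locked (something holds it open from kernel mode, or the name contains characters regedit cannot handle), and this approach does not apply.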