Newbie
I scanned my pc with adware and a trojan named Trojan.Win32.Generic!BT came up I was wondering if this would be the cause of my pc running very slow and my mouse pointer sometimes freezeing and jumping all over the place a copy of the adware report is list below. Please help
Logfile created: 8/10/2010 09:08:03
Ad-Aware version: 8.3.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Mago
*********************** Definitions database information ***********************
Lavasoft definition file: 150.46
Genotype definition file version: 2010/08/10 07:47:53
Extended engine definition file: 6711.0
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 223336
Objects detected: 50
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 2
Folders.........: 0
LSPs............: 0
Cookies.........: 48
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *adbrite* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409218 Family ID: 0
Description: *adbureau* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409027 Family ID: 0
Description: *adlegend* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409170 Family ID: 0
Description: *.bridgetrack* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409095 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0
Description: *counter.hitslink* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408884 Family ID: 0
Description: *.hitslink* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409071 Family ID: 0
Description: *coremetrics* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409008 Family ID: 0
Description: *data.coremetrics* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409220 Family ID: 0
Description: *hits.gureport.co* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409364 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *klo* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408848 Family ID: 0
Description: *kontera* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409363 Family ID: 0
Description: *276* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408944 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *webstat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409228 Family ID: 0
Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
Description: *clickability* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408892 Family ID: 0
Description: *s.clickability* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409195 Family ID: 0
Description: *estat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408873 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *tacoda* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409123 Family ID: 0
Description: *uk.sitestat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409118 Family ID: 0
Description: *unicast* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409281 Family ID: 0
Description: *web-stat* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409115 Family ID: 0
Description: *realtracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408980 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *advertis* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409017 Family ID: 0
Description: *real* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408817 Family ID: 0
Description: *statse.webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408803 Family ID: 0
Description: *webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408954 Family ID: 0
Description: *.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409033 Family ID: 0
Description: *statse.webtrendslive* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409269 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Quarantined items:
Description: c:\program files\hp games\bistro stars\bistrostars.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: ef9433242b8cce0d5a76b748c217fc64
Description: d:\hp\apps\app06536\src\install\games\bistrostars-setup.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: cb7ae625b8b5bcf3206be5e3bdd080ce
Scan and cleaning complete: Finished correctly after 13114 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Jul 25 11:24:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Jul 25 17:24:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Jul 25 23:24:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Jul 25 05:24:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Jul 25 11:24:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: MAGO-PC
Processor name: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Processor identifier: x86 Family 6 Model 15 Stepping 2
Processor speed: ~1800MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3842, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 317796352 bytes
Physical memory total: 1063010304 bytes
Virtual memory available: 1811460096 bytes
Virtual memory total: 2147352576 bytes
Memory load: 70%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 556 name: C:\WINDOWS\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 688 name: C:\WINDOWS\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\WINDOWS\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 732 name: C:\WINDOWS\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 744 name: C:\WINDOWS\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: C:\WINDOWS\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 804 name: C:\WINDOWS\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 928 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 988 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1100 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1128 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1140 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1244 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1260 name: C:\WINDOWS\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1308 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1456 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1760 name: C:\WINDOWS\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1784 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2004 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2032 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 212 name: C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe owner: SYSTEM domain: NT AUTHORITY
PID: 420 name: C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1088 name: C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1424 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1452 name: C:\WINDOWS\System32\rundll32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1912 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 832 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1416 name: C:\WINDOWS\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2124 name: C:\WINDOWS\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2184 name: C:\WINDOWS\System32\drivers\XAudio.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2212 name: C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2252 name: C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2752 name: C:\WINDOWS\System32\dwm.exe owner: Mago domain: Mago-PC
PID: 2776 name: C:\WINDOWS\System32\taskeng.exe owner: Mago domain: Mago-PC
PID: 3664 name: C:\hp\support\hpsysdrv.exe owner: Mago domain: Mago-PC
PID: 3696 name: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe owner: Mago domain: Mago-PC
PID: 3704 name: C:\WINDOWS\RtHDVCpl.exe owner: Mago domain: Mago-PC
PID: 3720 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: Mago domain: Mago-PC
PID: 3836 name: C:\WINDOWS\System32\hkcmd.exe owner: Mago domain: Mago-PC
PID: 3856 name: C:\WINDOWS\System32\igfxpers.exe owner: Mago domain: Mago-PC
PID: 3868 name: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe owner: Mago domain: Mago-PC
PID: 3876 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: Mago domain: Mago-PC
PID: 3884 name: C:\Program Files\Epson Software\Event Manager\EEventManager.exe owner: Mago domain: Mago-PC
PID: 3900 name: C:\Program Files\McAfee.com\Agent\mcagent.exe owner: Mago domain: Mago-PC
PID: 3908 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Mago domain: Mago-PC
PID: 3948 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: Mago domain: Mago-PC
PID: 3960 name: C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe owner: Mago domain: Mago-PC
PID: 4004 name: C:\WINDOWS\ehome\ehtray.exe owner: Mago domain: Mago-PC
PID: 4016 name: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe owner: Mago domain: Mago-PC
PID: 4024 name: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE owner: Mago domain: Mago-PC
PID: 4036 name: C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIF DA.EXE owner: Mago domain: Mago-PC
PID: 4044 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Mago domain: Mago-PC
PID: 2860 name: C:\WINDOWS\System32\igfxsrvc.exe owner: Mago domain: Mago-PC
PID: 2672 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1552 name: C:\WINDOWS\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3292 name: C:\WINDOWS\ehome\ehmsas.exe owner: Mago domain: Mago-PC
PID: 4320 name: C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe owner: Mago domain: Mago-PC
PID: 4336 name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4636 name: C:\hp\KBD\kbd.exe owner: Mago domain: Mago-PC
PID: 4660 name: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4892 name: C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 5728 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3808 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1340 name: C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe owner: Mago domain: Mago-PC
PID: 2760 name: C:\WINDOWS\System32\wuauclt.exe owner: Mago domain: Mago-PC
PID: 4236 name: C:\WINDOWS\System32\taskeng.exe owner: Mago domain: Mago-PC
PID: 5164 name: C:\WINDOWS\explorer.exe owner: Mago domain: Mago-PC
PID: 2092 name: C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5488 name: C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1804 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4968 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Mago domain: Mago-PC
PID: 2588 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5228 name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 904 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Mago domain: Mago-PC
PID: 5552 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Mago domain: Mago-PC
PID: 3000 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3032 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4052 name: C:\WINDOWS\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY
Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Launcher
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: hpsysdrv
imagepath: c:\hp\support\hpsysdrv.exe
Name: KBD
imagepath: C:\HP\KBD\KbdStub.EXE
Name: OsdMaestro
imagepath: "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
Name: RtHDVCpl
imagepath: RtHDVCpl.exe
Name: CCUTRAYICON
imagepath: FactoryMode
Name:
Name: IAAnotif
imagepath: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Name: HP Health Check Scheduler
imagepath: c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: IgfxTray
imagepath: C:\Windows\system32\igfxtray.exe
Name: HotKeysCmds
imagepath: C:\Windows\system32\hkcmd.exe
Name: Persistence
imagepath: C:\Windows\system32\igfxpers.exe
Name: ddoctorv2
imagepath: "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Name: EEventManager
imagepath: C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: mcui_exe
imagepath: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar.lnk
imagepath: C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: Appinfo
displayname: Application Information
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: DQLWinService
displayname: DQLWinService
Name: EMDMgmt
displayname: ReadyBoost
Name: EPSON_PM_RPCV4_01
displayname: EPSON V3 Service4(01)
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: fdPHost
displayname: Function Discovery Provider Host
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: FontCache3.0.0.0
displayname: Windows Presentation Foundation Font Cache 3.0.0.0
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: HP Health Check Service
displayname: HP Health Check Service
Name: IAANTMON
displayname: Intel(R) Matrix Storage Event Monitor
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: IntuitUpdateService
displayname: Intuit Update Service
Name: iphlpsvc
displayname: IP Helper
Name: iPod Service
displayname: iPod Service
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: McAfee SiteAdvisor Service
displayname: McAfee SiteAdvisor Service
Name: McMPFSvc
displayname: McAfee Personal Firewall Service
Name: mcmscsvc
displayname: McAfee Services
Name: McNaiAnn
displayname: McAfee VirusScan Announcer
Name: McNASvc
displayname: McAfee Network Agent
Name: McProxy
displayname: McAfee Proxy Service
Name: McShield
displayname: McShield
Name: mfefire
displayname: McAfee Firewall Core Service
Name: mfevtp
displayname: McAfee Validation Trust Protection Service
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: MSK80Service
displayname: McAfee Anti-Spam Service
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: sprtsvc_ddoctorv2
displayname: SupportSoft Sprocket Service (ddoctorv2)
Name: SSDPSRV
displayname: SSDP Discovery
Name: SstpSvc
displayname: Secure Socket Tunneling Protocol Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: TrustedInstaller
displayname: Windows Modules Installer
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting Service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: WPDBusEnum
displayname: Portable Device Enumerator Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService
Newbie
I also did the read me fisrt and here are the logs although was unable to do the gmer scan try to do it in ssafe mode but it did not run
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4420
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928
8/11/2010 3:35:17 PM
mbam-log-2010-08-11 (15-35-17).txt
Scan type: Quick scan
Objects scanned: 151841
Time elapsed: 13 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GC517AA-ABA a6057c
Logical Drives Mask: 0x00000e7c
Kernel Drivers (total 159):
0x82A33000 \SystemRoot\system32\ntkrnlpa.exe
0x82A00000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046D000 \SystemRoot\system32\PSHED.dll
0x8047E000 \SystemRoot\system32\BOOTVID.dll
0x80486000 \SystemRoot\system32\CLFS.SYS
0x804C7000 \SystemRoot\system32\CI.dll
0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80695000 \SystemRoot\system32\drivers\acpi.sys
0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EC000 \SystemRoot\system32\drivers\pci.sys
0x80713000 \SystemRoot\System32\drivers\partmgr.sys
0x80722000 \SystemRoot\system32\drivers\volmgr.sys
0x80731000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077B000 \SystemRoot\system32\drivers\intelide.sys
0x80782000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80790000 \SystemRoot\System32\drivers\mountmgr.sys
0x83407000 \SystemRoot\system32\drivers\iastor.sys
0x834BF000 \SystemRoot\system32\drivers\atapi.sys
0x834C7000 \SystemRoot\system32\drivers\ataport.SYS
0x834E5000 \SystemRoot\system32\drivers\fltmgr.sys
0x83517000 \SystemRoot\system32\drivers\fileinfo.sys
0x83527000 \SystemRoot\system32\drivers\mfehidk.sys
0x83584000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x83593000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83604000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83675000 \SystemRoot\system32\drivers\ndis.sys
0x83780000 \SystemRoot\system32\drivers\msrpc.sys
0x837AB000 \SystemRoot\system32\drivers\NETIO.SYS
0x86C03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x86D12000 \SystemRoot\system32\drivers\volsnap.sys
0x86D4B000 \SystemRoot\System32\Drivers\spldr.sys
0x86D53000 \SystemRoot\System32\Drivers\mup.sys
0x86D62000 \SystemRoot\System32\drivers\ecache.sys
0x86D89000 \SystemRoot\system32\drivers\disk.sys
0x86D9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x86DBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8AEBB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8AEC6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AECF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B805000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8BEC2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8BF61000 \SystemRoot\System32\drivers\watchdog.sys
0x8BF6E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8BF80000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BF8B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BFC9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BFD8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8BFE8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AEDE000 \SystemRoot\system32\drivers\hcw18bda.sys
0x8AF3C000 \SystemRoot\system32\drivers\ks.sys
0x8BFF6000 \SystemRoot\system32\drivers\BdaSup.SYS
0x8AF66000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8C00C000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0x8C10E000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8C1C3000 \SystemRoot\system32\drivers\modem.sys
0x8C1D0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0x8AFB2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C1F7000 \SystemRoot\system32\DRIVERS\PS2.sys
0x8C000000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AFC5000 \SystemRoot\system32\drivers\Afc.sys
0x8AFCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8BFF9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x86DD1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8359C000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AFE5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x837E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AFF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x835DD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x807A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807AF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807C3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x807D8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x807E8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C1FC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805A7000 \SystemRoot\system32\DRIVERS\circlass.sys
0x807F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x805B5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x805C2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9040C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90A06000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x90C3D000 \SystemRoot\system32\drivers\portcls.sys
0x90C6A000 \SystemRoot\system32\drivers\drmk.sys
0x90C8F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90C98000 \SystemRoot\System32\Drivers\Null.SYS
0x90C9F000 \SystemRoot\System32\Drivers\Beep.SYS
0x90CAF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90CB6000 \SystemRoot\System32\drivers\vga.sys
0x90CC2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90CE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90CEB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90CF3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90CFE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90D0C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x90D15000 \SystemRoot\System32\drivers\tcpip.sys
0x9041D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x90438000 \SystemRoot\system32\drivers\mfewfpk.sys
0x9045E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90474000 \SystemRoot\system32\DRIVERS\smb.sys
0x90488000 \SystemRoot\System32\DRIVERS\netbt.sys
0x904BA000 \SystemRoot\system32\drivers\afd.sys
0x90502000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90518000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x90526000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90534000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90547000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x90A00000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90569000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x905A5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x905AF000 \SystemRoot\System32\Drivers\dfsc.sys
0x905C6000 \SystemRoot\system32\drivers\mfeavfk.sys
0x91A0D000 \SystemRoot\system32\drivers\mfefirek.sys
0x91A58000 \SystemRoot\System32\Drivers\crashdmp.sys
0x91A65000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91B1D000 \SystemRoot\system32\DRIVERS\usbcir.sys
0x91B33000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x91B35000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9A2E0000 \SystemRoot\System32\win32k.sys
0x91B47000 \SystemRoot\System32\drivers\Dxapi.sys
0x91B51000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91B5A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91B6A000 \SystemRoot\system32\DRIVERS\hidir.sys
0x91B75000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x91B7C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91B84000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x91B8D000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A500000 \SystemRoot\System32\TSDDD.dll
0x9A520000 \SystemRoot\System32\cdd.dll
0x91B9C000 \SystemRoot\system32\drivers\luafv.sys
0x8AE00000 \SystemRoot\system32\drivers\spsys.sys
0x91BBF000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0x91BD1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x91BE1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xACE01000 \SystemRoot\system32\drivers\HTTP.sys
0xACE6E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACE8B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xACEA4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xACEB9000 \SystemRoot\system32\drivers\mrxdav.sys
0xACED9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xACEF8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xACF31000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xACF49000 \SystemRoot\System32\DRIVERS\srv2.sys
0xACF70000 \SystemRoot\System32\DRIVERS\srv.sys
0xACFD6000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xACFD8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAEC03000 \SystemRoot\system32\drivers\peauth.sys
0xAECE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAECEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAECF7000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xAECFF000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xAED14000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xAED4A000 \SystemRoot\system32\drivers\cfwids.sys
0xAED56000 \SystemRoot\system32\drivers\mfeapfk.sys
0xAED6C000 \SystemRoot\system32\drivers\mfebopk.sys
0xAED77000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77720000 \WINDOWS\System32\ntdll.dll
Processes (total 80):
0 System Idle Process
4 System
556 C:\WINDOWS\System32\smss.exe
676 csrss.exe
720 C:\WINDOWS\System32\wininit.exe
732 csrss.exe
764 C:\WINDOWS\System32\services.exe
780 C:\WINDOWS\System32\lsass.exe
788 C:\WINDOWS\System32\lsm.exe
836 C:\WINDOWS\System32\winlogon.exe
956 C:\WINDOWS\System32\svchost.exe
1020 C:\WINDOWS\System32\svchost.exe
1064 C:\WINDOWS\System32\svchost.exe
1116 C:\WINDOWS\System32\svchost.exe
1144 C:\WINDOWS\System32\svchost.exe
1156 C:\WINDOWS\System32\svchost.exe
1224 C:\WINDOWS\System32\audiodg.exe
1280 C:\WINDOWS\System32\svchost.exe
1296 C:\WINDOWS\System32\SLsvc.exe
1324 C:\WINDOWS\System32\svchost.exe
1448 C:\WINDOWS\System32\svchost.exe
1552 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1672 C:\WINDOWS\System32\spoolsv.exe
1696 C:\WINDOWS\System32\svchost.exe
328 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
344 C:\Program Files\Bonjour\mDNSResponder.exe
416 C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
572 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
712 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1132 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1432 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
1736 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
1984 C:\WINDOWS\System32\svchost.exe
1012 C:\WINDOWS\System32\rundll32.exe
1888 C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
2076 C:\WINDOWS\System32\svchost.exe
2120 C:\WINDOWS\System32\svchost.exe
2160 C:\WINDOWS\System32\SearchIndexer.exe
2280 C:\WINDOWS\System32\drivers\XAudio.exe
2304 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
2364 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
2684 C:\WINDOWS\System32\taskeng.exe
2704 WUDFHost.exe
2996 unsecapp.exe
3204 WmiPrvSE.exe
3424 C:\WINDOWS\System32\dwm.exe
3432 C:\WINDOWS\explorer.exe
3468 C:\WINDOWS\System32\taskeng.exe
2916 C:\Program Files\Windows Defender\MSASCui.exe
1944 C:\hp\support\hpsysdrv.exe
1480 C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
2676 C:\WINDOWS\RtHDVCpl.exe
2344 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3532 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
2188 C:\WINDOWS\System32\hkcmd.exe
904 C:\WINDOWS\System32\igfxpers.exe
3644 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
3404 C:\Program Files\Epson Software\Event Manager\EEventManager.exe
3800 C:\Program Files\McAfee.com\Agent\mcagent.exe
1340 C:\Program Files\iTunes\iTunesHelper.exe
3592 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4092 C:\Program Files\Windows Sidebar\sidebar.exe
1344 C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
3828 C:\WINDOWS\System32\igfxsrvc.exe
2468 C:\WINDOWS\ehome\ehtray.exe
2892 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
2032 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
2296 C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIF DA.EXE
3048 C:\WINDOWS\ehome\ehmsas.exe
884 C:\Program Files\Windows Media Player\wmpnscfg.exe
3584 C:\Program Files\Windows Media Player\wmpnetwk.exe
3892 C:\hp\KBD\kbd.exe
4196 C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
4436 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe
4760 C:\Program Files\iPod\bin\iPodService.exe
5688 C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
5728 WmiPrvSE.exe
5552 taskeng.exe
3032 C:\WINDOWS\System32\wuauclt.exe
5928 C:\Users\Mago\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`9973aa00 (NTFS)
PhysicalDrive0 Model Number: ST3320820AS, Rev: 3.AHG
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 161E5DF10EB9B6EAC4AA8DF99305EF77B11BEBD8
Done!
OTL logfile created on: 8/11/2010 6:11:15 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mago\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.40 Gb Total Space | 214.44 Gb Free Space | 73.84% Space Free | Partition Type: NTFS
Drive D: | 7.69 Gb Total Space | 0.89 Gb Free Space | 11.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAGO-PC
Current User Name: Mago
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
PRC - [2010/08/11 06:29:24 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/07/12 01:55:38 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/12 01:55:38 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/07/09 08:12:54 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Ac tiveX.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2008/12/04 14:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/04 23:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIF DA.EXE
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/10/09 19:39:55 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
PRC - [2007/04/19 18:11:16 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/19 18:10:42 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/20 04:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
PRC - [2005/08/17 21:44:26 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/07/12 01:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 18:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/09/11 17:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 17:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 1632 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/09/11 16
SRV - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe -- (DQLWinService)
SRV - [2006/09/01 00:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 10:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/11 06:29:24 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/11 06:29:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/11 06:29:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/11 12:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/18 20:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/24 07:41:04 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/28 22:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Comcast.net | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Comcast.net | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyServer" = :0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/05 07:37:21 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2008/06/14 11:09:42 | 000,250,982 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 babe.the-killer.bz
O1 - Hosts: 127.0.0.1 www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1 babe.k-lined.com
O1 - Hosts: 127.0.0.1 www.babe.k-lined.com
O1 - Hosts: 127.0.0.1 did.i-used.cc
O1 - Hosts: 127.0.0.1 www.did.i-used.cc
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwwwsearch.com
O1 - Hosts: 127.0.0.1 coolwebsearch.com
O1 - Hosts: 127.0.0.1 www.coolwebsearch.com
O1 - Hosts: 127.0.0.1 hi.studioaperto.net
O1 - Hosts: 127.0.0.1 Studioaperto.net
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 wazzupnet.com
O1 - Hosts: 127.0.0.1 gueb.com
O1 - Hosts: 127.0.0.1 GUeb.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 kabex.com
O1 - Hosts: 127.0.0.1 hityou.com
O1 - Hosts: 127.0.0.1 Hityou.com - Home page
O1 - Hosts: 127.0.0.1 miosearch.com
O1 - Hosts: 127.0.0.1 www.miosearch.com
O1 - Hosts: 127.0.0.1 blue-elefant.com
O1 - Hosts: 8751 more lines...
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100712081710.dl l (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIF DA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] Reg Error: Invalid data type. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upl...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} http://www.costcophotocenter.com/upl...X_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upl...X_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mago\Desktop\HPIM1661.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mago\Desktop\HPIM1661.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 16:42:20 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1faf8182-3b0a-11de-8207-001a926b1ee5}\Shell\AutoRun\command - "" = H:\PortableVault.exe -- File not found
O33 - MountPoints2\{d4f9caec-5d74-11dc-a57f-001a926b1ee5}\Shell - "" = AutoRun
O33 - MountPoints2\{d4f9caec-5d74-11dc-a57f-001a926b1ee5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010/08/11 18:09:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
[2010/08/11 16:37:51 | 000,093,056 | ---- | C] (GMER) -- C:\kwldypog.sys
[2010/08/11 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mago\AppData\Roaming\Malwarebytes
[2010/08/11 15:20:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 15:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/11 15:20:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 15:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/11 06:48:48 | 005,169,864 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Mago\Desktop\registrybooster.exe
[2010/07/25 11:24:57 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/25 11:24:51 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/25 11:01:51 | 000,000,000 | ---D | C] -- C:\Users\Mago\AppData\Local\Sunbelt Software
[2010/07/25 11:00:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/09 08:01:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/09 08:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/09 07:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 06:52:47 | 000,000,000 | ---D | C] -- C:\cc7e47a2b889356689e21d9bc3
[2010/06/18 07:16:50 | 000,000,000 | ---D | C] -- C:\Users\Mago\Documents\My muvees
[2010/06/05 07:09:07 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/06/05 07:09:01 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/06/05 07:09:00 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/06/05 07:09:00 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/06/05 07:09:00 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/06/05 07:08:59 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/06/05 07:08:59 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/06/05 07:08:59 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/06/05 07:08:59 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/06/05 07:08:59 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/06/05 07:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/06/05 07:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/06/05 07:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/20 07:38:24 | 000,000,000 | ---D | C] -- C:\Users\Mago\Desktop\Newletter
[2010/05/17 07:39:05 | 000,000,000 | ---D | C] -- C:\Users\Mago\Documents\Horcajo
========== Files - Modified Within 90 Days ==========
[2010/08/11 18:11:14 | 004,194,304 | -HS- | M] () -- C:\Users\Mago\ntuser.dat
[2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
[2010/08/11 17:57:47 | 000,080,384 | ---- | M] () -- C:\Users\Mago\Desktop\MBRCheck.exe
[2010/08/11 17:46:31 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/11 17:44:42 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/08/11 17:43:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 17:43:36 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/11 17:43:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/11 17:43:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/11 17:43:26 | 1063,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/11 17:11:39 | 000,524,288 | -HS- | M] () -- C:\Users\Mago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010/08/11 17:11:39 | 000,065,536 | -HS- | M] () -- C:\Users\Mago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/11 16:37:51 | 000,093,056 | ---- | M] (GMER) -- C:\kwldypog.sys
[2010/08/11 15:59:20 | 000,293,376 | ---- | M] () -- C:\Users\Mago\Desktop\mx8uhfuj.exe
[2010/08/11 15:20:20 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 07:48:31 | 000,612,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/11 07:48:31 | 000,107,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/11 07:48:30 | 000,714,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/11 06:54:49 | 000,011,024 | ---- | M] () -- C:\Users\Mago\AppData\Roaming\wklnhst.dat
[2010/08/11 06:49:36 | 005,169,864 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Mago\Desktop\registrybooster.exe
[2010/08/11 06:23:25 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A59F0F7C-E877-49C7-B318-891D37093CB2}.job
[2010/07/26 21:17:32 | 000,054,272 | ---- | M] () -- C:\Users\Mago\Desktop\Answer.doc
[2010/07/25 11:24:50 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/25 10:59:55 | 000,001,033 | ---- | M] () -- C:\Users\Mago\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/25 10:59:55 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/19 20:04:38 | 000,417,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/19 10:41:58 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/12 01:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/07/09 08:03:06 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/21 09:03:24 | 000,057,344 | ---- | M] () -- C:\Users\Mago\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 07:12:28 | 000,050,176 | ---- | M] () -- C:\Users\Mago\Documents\Roxxana.wps
[2010/06/15 20:55:40 | 000,023,438 | ---- | M] () -- C:\Users\Mago\Desktop\Recognition.xlsx
[2010/06/10 18:02:16 | 000,029,213 | ---- | M] () -- C:\Users\Mago\Desktop\StoriesRevised.docx
[2010/06/10 17:36:38 | 000,050,881 | ---- | M] () -- C:\Users\Mago\Desktop\stories.docx
[2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/05/31 20:32:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/05/28 08:31:28 | 000,024,064 | ---- | M] () -- C:\Users\Mago\Documents\Si un día tienes que elegir entre el mundo y el amor.doc
[2010/05/17 08:05:48 | 000,024,064 | ---- | M] () -- C:\Users\Mago\Documents\Today is Monday.doc
========== Files Created - No Company Name ==========
[2010/08/11 17
[2010/08/11 17:46:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/11 17:12:22 | 1063,743,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/11 15:59:08 | 000,293,376 | ---- | C] () -- C:\Users\Mago\Desktop\mx8uhfuj.exe
[2010/08/11 15:20:20 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 06:23:12 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/07/26 21:17:32 | 000,054,272 | ---- | C] () -- C:\Users\Mago\Desktop\Answer.doc
[2010/07/25 10:59:55 | 000,001,033 | ---- | C] () -- C:\Users\Mago\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/25 10:59:55 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/09 08:03:06 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/21 09:13:29 | 000,050,881 | ---- | C] () -- C:\Users\Mago\Desktop\stories.docx
[2010/06/21 09:13:20 | 000,029,213 | ---- | C] () -- C:\Users\Mago\Desktop\StoriesRevised.docx
[2010/06/18 07:12:28 | 000,050,176 | ---- | C] () -- C:\Users\Mago\Documents\Roxxana.wps
[2010/05/28 08:31:28 | 000,024,064 | ---- | C] () -- C:\Users\Mago\Documents\Si un día tienes que elegir entre el mundo y el amor.doc
[2010/05/20 07:38:14 | 000,030,720 | ---- | C] () -- C:\Users\Mago\Desktop\ADSFY070809.xls
[2010/05/20 06:37:05 | 003,000,826 | ---- | C] () -- C:\Users\Mago\Desktop\HPIM1942.JPG
[2010/05/20 06:36:22 | 001,891,364 | ---- | C] () -- C:\Users\Mago\Desktop\HPIM1905.JPG
[2010/05/17 08:05:48 | 000,024,064 | ---- | C] () -- C:\Users\Mago\Documents\Today is Monday.doc
[2010/02/21 18:08:16 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX210.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/03/25 09
[2007/11/05 07:55:27 | 000,000,044 | ---- | C] () -- C:\Windows\EPCX8400.ini
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/13 13:19:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/08 07:58:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/08/08 07:48:07 | 000,000,059 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2007/08/08 07:46:31 | 000,000,084 | ---- | C] () -- C:\Windows\EPSPRX580.ini
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/03/02 16:25:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/03/02 1626 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/03/02 16
[2007/03/02 16:12:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/01/10 04
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 00:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 00:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2007/09/17 15:09:07 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Avery Wizard 3.1
[2010/04/16 20:52:34 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\com.adobe.mauby.4875 E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/10 08:16:10 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Costco Photo Viewer US
[2010/02/22 07:11:46 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Epson
[2007/08/24 13:37:09 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Leadertech
[2007/12/30 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\LimeWire
[2010/08/03 08:12:21 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\muvee Technologies
[2009/01/10 08:08:37 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Printer Info Cache
[2007/08/06 07:20:37 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\Template
[2007/09/01 10:02:36 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\WildTangent
[2007/08/20 14:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mago\AppData\Roaming\WinBatch
[2010/08/11 17:46:31 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/11 10:31:05 | 000,032,554 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/08/11 06:23:25 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A59F0F7C-E877-49C7-B318-891D37093CB2}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/11/28 14:58:31 | 000,000,865 | ---- | M] () -- C:\A2Output2.xml
[2008/11/28 14:58:31 | 000,000,865 | ---- | M] () -- C:\A2Output6.xml
[2010/08/11 17:43:24 | 000,148,547 | ---- | M] () -- C:\aaw7boot.log
[2007/03/02 16:42:20 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 00:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/03/02 16:11:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/08/11 17:43:26 | 1063,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/11 16:37:51 | 000,093,056 | ---- | M] (GMER) -- C:\kwldypog.sys
[2009/07/27 18:48:15 | 000,000,826 | ---- | M] () -- C:\net_save.dna
[2010/08/11 17:43:24 | 1377,583,104 | -HS- | M] () -- C:\pagefile.sys
[2008/05/28 10:07:15 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\jnwppr.d ll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spool\prtprocs\w32x86\mdippr.d ll
[2006/10/26 20
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 05:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2008/01/19 00:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2008/01/19 00:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\WINDOWS\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2008/01/19 00:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 00:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 02:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\WINDOWS\System32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< >
< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0wLkJD7lP >
Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0wLkJD7lP
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\shirley_bassey_-_where_do_i_begin.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\cabezahombros.mp3:TOC.WMV
@Alternate Data Stream - 143 bytes -> C:\Users\Mago\Documents\maribel.nws:OECustomProper ty
< End of report >
OTL Extras logfile created on: 8/11/2010 6:11:15 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mago\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 220.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 33.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.40 Gb Total Space | 214.44 Gb Free Space | 73.84% Space Free | Partition Type: NTFS
Drive D: | 7.69 Gb Total Space | 0.89 Gb Free Space | 11.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAGO-PC
Current User Name: Mago
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{6F495472-48FA-486F-AF19-B1B29A3BCB80}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{B75C967F-C0DD-458C-AA1D-151CB02B07D4}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{BAAAD027-ED60-409C-B2E6-DE47DC3BB5BD}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{E73363B0-CC78-491F-86D0-514DEEB7D733}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{006577C3-6126-435C-A63F-79C922BF0EF0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{04C461DE-81DF-4205-AB0F-E4EF6CD1FC6F}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{04CF6E7B-BC88-4861-8774-5B818DA7B3E2}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{0A9CF25D-52DE-4C7F-A2A7-9BA1ECCD81F5}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{1CC70529-9550-49F1-93DF-1BC0D269D2F8}" = protocol=6 | dir=in | app=c:\program files\mcafee\mwl\mwlsvc.exe |
"{263193F8-083C-42A2-A3A9-CD9C9345A8F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2C6E225F-250D-4356-A9D8-BA11EE2A78D6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{61DCB800-CB48-4DC9-9629-9263261534EE}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{65583EEC-E59C-4965-9A74-74A9E5538110}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{704E5E9D-4C87-48BC-AA07-317605A4798A}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{763A3CC5-9F50-439C-98C9-42D2B2EE3107}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\ttax.exe |
"{7715E4DA-214C-468A-8DF7-27D4D4E975FD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7890B407-9392-42C8-90B5-4B441E8B3DD1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{838DD345-759E-4566-ABEC-9370F8F993BE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8636ED40-44C7-4B6B-AFF7-9616851E10BF}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{8AE74D6A-A322-46D7-801B-7FE793A8AC58}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{8B2800F1-6939-4A83-9776-40ACC219661B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8BCC51CC-2AFB-49E8-98B3-0FF3917318CC}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{9C023CC7-D969-48DA-9F72-06BF7438144B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9C15E676-587C-4F20-A23D-B6A90A2A37C9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{A2EA3259-E985-4B27-9E0D-CB7A64E0D0A0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A463D231-CB1E-4391-A302-9DAA37F4706C}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A5A8B85E-A3A9-471F-9FB1-931ABB90CAF6}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{C0B5F073-5536-4CE0-B95A-8E116E758B97}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{C36CDEA3-6967-4E0E-B835-85FFBE8BBC3D}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\ttax.exe |
"{CE056D5C-17F3-4B6B-AE26-A59A55EA88F6}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2006\32bit\updatemgr.exe |
"{D517D82B-24BD-4067-A780-DF6919BA770B}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F34DC5AD-B51A-4AB7-B256-B273FCAF765F}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{F7EA220B-4364-4258-B81C-309D93CDECD5}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FAC36780-AD7F-48A4-AA09-62157725BF77}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"TCP Query User{0E2735B8-FA45-4F79-A899-C1B129DCA3E0}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{2DF28C6A-C866-46EC-9FA7-EB4199FCDBBF}C:\program files\linksys\logviewer\logviewer.exe" = protocol=6 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
"TCP Query User{CA47B18D-3B91-4601-8D77-8B1708487632}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{C2DB222B-C86B-4039-870B-FBD1E2730A3D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{CBCC027A-2DC3-403D-9D47-C281E4580357}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{D5747FF5-16C7-423B-B900-00794C5EC7EF}C:\program files\linksys\logviewer\logviewer.exe" = protocol=17 | dir=in | app=c:\program files\linksys\logviewer\logviewer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42CDB923-629E-469F-819D-D23252624D2A}" = Epson StoryTeller Publisher
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CA976C-403C-47E2-940B-733ECAB6F62B}" = muvee autoProducer 5.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83E222CC-223F-BE8C-0C77-0CEBDC2F9B57}" = Acrobat.com
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CBFEEA43-2B94-44AF-8325-B413E62D2A5D}" = HP Total Care Advisor
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}" = The Print Shop
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BadCopy Pro" = BadCopy Pro
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C1 4F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485 DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Special Internet Offers" = Special Internet Offers
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WildTangent hpdesktop Master Uninstall" = My HP Games
"WT018420" = Ball 7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/11/2010 8:19:10 PM | Computer Name = Mago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/11/2010 8:34:36 PM | Computer Name = Mago-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2712 (0xa98) Thread address : 0x76F49A94 Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\WINDOWS\System32\drivers\k secdd.sys
by C:\Users\Mago\Desktop\mx8uhfuj.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0)
7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 8/11/2010 8:34:36 PM | Computer Name = Mago-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2708 (0xa94) Thread address : 0x76F58C2D Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\ProgramData\EPSON\EPSON
NX210 Series\0409.E_FCF0FDA.WAT by C:\Windows\system32\wbem\wmiprvse.exe 4(0)(0)
4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 8/11/2010 8:47:37 PM | Computer Name = Mago-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 8/11/2010 8:59:02 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/11/2010 8:59:02 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/11/2010 8:59:03 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/11/2010 8:59:03 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/11/2010 8:59:04 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 8/11/2010 8:59:04 PM | Computer Name = Mago-PC | Source = Windows Search Service | ID = 3013
Description =
[ Media Center Events ]
Error - 2/3/2009 6:54:38 AM | Computer Name = Mago-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/9/2009 9:10:22 AM | Computer Name = Mago-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 11/30/2009 8:57:15 PM | Computer Name = Mago-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 4/26/2010 5:07:10 PM | Computer Name = Mago-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 8/11/2010 8:43:30 PM | Computer Name = Mago-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:41:20 PM on 8/11/2010 was unexpected.
Error - 8/11/2010 8:43:33 PM | Computer Name = Mago-PC | Source = HTTP | ID = 15016
Description =
Error - 8/11/2010 8:43:59 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 8/11/2010 8:46:39 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 8/11/2010 8:46:39 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 8/11/2010 8:47:21 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 8/11/2010 8:47:21 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 8/11/2010 8:48:53 PM | Computer Name = Mago-PC | Source = DCOM | ID = 10010
Description =
Error - 8/11/2010 8:49:47 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 8/11/2010 8:51:51 PM | Computer Name = Mago-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
Senior Member
Welcome aboard
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Newbie
just want to let you know that I have to go to L.A. and will be back sunday night. I will not have access to my pc until that day
But anyway here is the combofix log Thank you so much for your understanding
ComboFix 10-08-11.05 - Mago 08/12/2010 9:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.202 [GMT -7:00]
Running from: c:\users\Mago\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\%appdata%
.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 16:30 . 2010-08-12 16:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-08-12 16:30 . 2010-08-12 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-11 23:37 . 2010-08-11 23:37 93056 ----a-w- C:\kwldypog.sys
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\users\Mago\AppData\Roaming\Malwarebytes
2010-08-11 22:20 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\programdata\Malwarebytes
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 22:20 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 18:24 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-25 18:24 . 2010-07-25 18:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-25 18:01 . 2010-07-25 18:01 -------- d-----w- c:\users\Mago\AppData\Local\Sunbelt Software
2010-07-25 18:00 . 2010-07-25 18:00 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-19 17:02 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-19 17:02 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-08-11 13:54 . 2007-08-06 14:20 11024 ----a-w- c:\users\Mago\AppData\Roaming\wklnhst.dat
2010-08-11 13:29 . 2009-03-21 21:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-11 02:23 . 2007-09-03 14:59 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 02:19 . 2007-09-03 14:59 -------- d-----w- c:\program files\Java
2010-08-10 21:41 . 2009-03-21 22:00 117760 ----a-w- c:\users\Mago\AppData\Roaming\SUPERAntiSpyware.com \SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 15:12 . 2007-12-12 14:18 -------- d-----w- c:\users\Mago\AppData\Roaming\muvee Technologies
2010-07-20 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-17 12:00 . 2010-04-18 21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 15:25 . 2010-06-05 14:08 -------- d-----w- c:\program files\McAfee
2010-07-12 08:56 . 2010-07-25 18:00 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2009-03-21 19:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-09 15:02 . 2010-07-09 15:01 -------- d-----w- c:\program files\iTunes
2010-07-09 15:01 . 2010-07-09 15:01 -------- d-----w- c:\program files\iPod
2010-07-09 15:01 . 2010-04-22 15:26 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 15:01 . 2010-04-22 15:34 -------- d-----w- c:\programdata\Apple Computer
2010-07-09 14:49 . 2010-07-09 14:49 -------- d-----w- c:\program files\Bonjour
2010-07-09 14:45 . 2007-03-02 23:45 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 14:43 . 2010-07-09 14:43 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-16 13:09 . 2010-04-22 15:43 -------- d-----w- c:\users\Mago\AppData\Roaming\Apple Computer
2010-06-01 03:32 . 2010-06-05 14:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-06-05 14:09 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-06-01 03:32 . 2010-06-05 14:09 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-06-05 14:09 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-06-01 03:32 . 2010-06-05 14:09 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-06-05 14:08 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-06-05 14:08 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-06-05 14:08 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-06-05 14:08 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-06-05 14:08 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-26 16:16 . 2010-06-11 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 14:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-04 20:59 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-24 1480296]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\i suspm.exe" [2005-02-17 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-10-10 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-07-12 864112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-06-19 133656]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEv entManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Works Calendar.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkscal.exe [2005-8-17 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-28 01:14 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 83496]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-11 12872]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV 3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTB S23.SYS [2006-11-02 251904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 160720]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-11 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-11 67656]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe [2006-09-03 208896]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 55456]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2008-01-29 384896]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 312616]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-08-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]
2010-08-12 c:\windows\Tasks\User_Feed_Synchronization-{A59F0F7C-E877-49C7-B318-891D37093CB2}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel
Trusted Zone: intuit.com\ttlc
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-Launcher - (no file)
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-12 10:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3448)
c:\progra~1\mcafee\sitead~1\saHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
************************************************** ************************
.
Completion time: 2010-08-12 10:20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-12 17:19
Pre-Run: 229,969,358,848 bytes free
Post-Run: 230,183,604,224 bytes free
- - End Of File - - 5FBFD24E8D7C6194259E1256A7D4F735
Senior Member
1. Please open Notepad
- Click Start , then Run
- Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:File:: C:\kwldypog.sys Registry:: [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=- [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Newbie
Thanl you so much here is the combofix log
ComboFix 10-08-15.04 - Mago 08/16/2010 6:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1014.273 [GMT -7:00]
Running from: c:\users\Mago\Desktop\ComboFix.exe
Command switches used :: c:\users\Mago\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"C:\kwldypog.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\kwldypog.sys
.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.
2010-08-16 13:57 . 2010-08-16 13:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-16 13:57 . 2010-08-16 13:57 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-08-16 13:57 . 2010-08-16 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 17:20 . 2010-08-16 13:58 -------- d-----w- c:\users\Mago\AppData\Local\temp
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\users\Mago\AppData\Roaming\Malwarebytes
2010-08-11 22:20 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\programdata\Malwarebytes
2010-08-11 22:20 . 2010-08-11 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-11 22:20 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 18:24 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-25 18:24 . 2010-07-25 18:24 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-25 18:01 . 2010-07-25 18:01 -------- d-----w- c:\users\Mago\AppData\Local\Sunbelt Software
2010-07-25 18:00 . 2010-07-25 18:00 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-19 17:02 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-19 17:02 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-08-11 13:54 . 2007-08-06 14:20 11024 ----a-w- c:\users\Mago\AppData\Roaming\wklnhst.dat
2010-08-11 13:29 . 2009-03-21 21:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-11 02:23 . 2007-09-03 14:59 -------- d-----w- c:\program files\Common Files\Java
2010-08-11 02:19 . 2007-09-03 14:59 -------- d-----w- c:\program files\Java
2010-08-10 21:41 . 2009-03-21 22:00 117760 ----a-w- c:\users\Mago\AppData\Roaming\SUPERAntiSpyware.com \SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 15:12 . 2007-12-12 14:18 -------- d-----w- c:\users\Mago\AppData\Roaming\muvee Technologies
2010-07-20 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-17 12:00 . 2010-04-18 21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 15:25 . 2010-06-05 14:08 -------- d-----w- c:\program files\McAfee
2010-07-12 08:56 . 2010-07-25 18:00 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-12 08:55 . 2009-03-21 19:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-09 15:02 . 2010-07-09 15:01 -------- d-----w- c:\program files\iTunes
2010-07-09 15:01 . 2010-07-09 15:01 -------- d-----w- c:\program files\iPod
2010-07-09 15:01 . 2010-04-22 15:26 -------- d-----w- c:\program files\Common Files\Apple
2010-07-09 15:01 . 2010-04-22 15:34 -------- d-----w- c:\programdata\Apple Computer
2010-07-09 14:49 . 2010-07-09 14:49 -------- d-----w- c:\program files\Bonjour
2010-07-09 14:45 . 2007-03-02 23:45 -------- d-----w- c:\program files\Microsoft.NET
2010-07-09 14:43 . 2010-07-09 14:43 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-01 03:32 . 2010-06-05 14:09 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-06-01 03:32 . 2010-06-05 14:09 160720 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-06-01 03:32 . 2010-06-05 14:09 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-06-01 03:32 . 2010-06-05 14:09 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-06-01 03:32 . 2010-06-05 14:09 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-06-01 03:32 . 2010-06-05 14:08 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-06-01 03:32 . 2010-06-05 14:08 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-06-01 03:32 . 2010-06-05 14:08 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-06-01 03:32 . 2010-06-05 14:08 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-06-01 03:32 . 2010-06-05 14:08 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-05-26 16:16 . 2010-06-11 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-11 14:13 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-04 20:59 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-24 1480296]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\i suspm.exe" [2005-02-17 221184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" [2007-10-10 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-07-12 864112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-19 166424]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2008-06-19 133656]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEv entManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-25 1193848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Works Calendar.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkscal.exe [2005-8-17 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-28 01:14 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-06-01 83496]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-08-11 12872]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV 3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTB S23.SYS [2006-11-02 251904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-06-01 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-06-01 160720]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-08-11 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-08-11 67656]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe [2006-09-03 208896]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 141792]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-06-01 55456]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2008-01-29 384896]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-06-01 312616]
--- Other Services/Drivers In Memory ---
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
2010-08-16 c:\windows\Tasks\User_Feed_Synchronization-{A59F0F7C-E877-49C7-B318-891D37093CB2}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel
Trusted Zone: intuit.com\ttlc
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?
.
************************************************** ************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-16 06:58
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-16 07:06:36
ComboFix-quarantined-files.txt 2010-08-16 14:06
ComboFix2.txt 2010-08-12 17:20
Pre-Run: 229,882,789,888 bytes free
Post-Run: 229,836,099,584 bytes free
- - End Of File - - DC789DB908021C30248748A378515520
Senior Member
Good
How is computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
================================================== =============
Please, re-run OTL and give me fresh log.
Newbie
Computer is running much better than beofre thanks
Here is the OTL log
OTL logfile created on: 8/16/2010 7:30:32 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Mago\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 292.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.40 Gb Total Space | 214.13 Gb Free Space | 73.74% Space Free | Partition Type: NTFS
Drive D: | 7.69 Gb Total Space | 0.89 Gb Free Space | 11.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAGO-PC
Current User Name: Mago
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
PRC - [2010/06/24 22:32:44 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/12/04 14:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/04 23:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATIF DA.EXE
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/10/09 19:39:55 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
PRC - [2007/04/19 18:11:16 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/04/19 18:10:42 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006/11/20 04:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/09/28 06:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe
PRC - [2005/08/17 21:44:26 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- c:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
========== Modules (SafeList) ==========
MOD - [2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx
MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdb aa5a083979cc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/07/12 01:55:38 | 001,352,832 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/31 20:32:58 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/05/31 20:32:58 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/04/14 12:50:14 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/19 18:10:42 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/09/11 17:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 17:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 16
SRV - [2006/09/11 16
SRV - [2006/09/03 11:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.e xe -- (DQLWinService)
SRV - [2006/09/01 00:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 10:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mago\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/11 06:29:24 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/08/11 06:29:24 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/11 06:29:24 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/07/12 01:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/31 20:32:58 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/05/31 20:32:58 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/05/31 20:32:58 | 000,160,720 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2010/05/31 20:32:58 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/05/31 20:32:58 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/05/31 20:32:58 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/05/31 20:32:58 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/05/31 20:32:58 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/05/31 20:32:58 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/11 12:38:14 | 002,324,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/18 20:38:20 | 002,307,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 05:04:16 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/24 07:41:04 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2008/01/28 22:44:04 | 000,384,896 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2006/11/02 00:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2005/12/12 09:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Comcast.net | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Comcast.net | Entertainment | News | Sports | Email | Watch TV Online | Comcast Deals | On Demand
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyServer" = :0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FA A-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/05 07:37:21 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/08/16 06:57:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100712081710.dl l (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON NX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIF DA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} http://www.costcophotocenter.com/upl...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} http://www.costcophotocenter.com/upl...X_Control.cab? (Photo Upload Plugin Class)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.costcophotocenter.com/upl...X_Control.cab? (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Mago\Desktop\HPIM1661.JPG
O24 - Desktop BackupWallPaper: C:\Users\Mago\Desktop\HPIM1661.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 16:42:20 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2010/08/16 19:19:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/16 07:06:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/12 10:20:13 | 000,000,000 | ---D | C] -- C:\Users\Mago\AppData\Local\temp
[2010/08/12 09:01:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/11 18:09:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
[2010/08/11 15:20:41 | 000,000,000 | ---D | C] -- C:\Users\Mago\AppData\Roaming\Malwarebytes
[2010/08/11 15:20:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/11 15:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/11 15:20:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/11 15:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/11 06:48:48 | 005,169,864 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\Mago\Desktop\registrybooster.exe
[2010/08/10 19:20:42 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/10 19:20:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/10 19:20:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/25 11:24:57 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/07/25 11:24:51 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/25 11:01:51 | 000,000,000 | ---D | C] -- C:\Users\Mago\AppData\Local\Sunbelt Software
[2010/07/25 11:00:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/07/19 10:03:00 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/07/19 10:03:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/07/19 10:02:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/07/19 10:02:56 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/07/19 10:02:56 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
========== Files - Modified Within 30 Days ==========
[2010/08/16 19:30:43 | 004,194,304 | -HS- | M] () -- C:\Users\Mago\ntuser.dat
[2010/08/16 19:23:52 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/08/16 19:22:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 19:22:47 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/16 19:22:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/16 19:22:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/16 19:22:37 | 1063,743,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/16 19:20:49 | 000,524,288 | -HS- | M] () -- C:\Users\Mago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms
[2010/08/16 19:20:49 | 000,065,536 | -HS- | M] () -- C:\Users\Mago\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/16 19:20:27 | 002,529,800 | -H-- | M] () -- C:\Users\Mago\AppData\Local\IconCache.db
[2010/08/16 06:58:15 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/16 06:57:55 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/16 05:46:43 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A59F0F7C-E877-49C7-B318-891D37093CB2}.job
[2010/08/12 08:13:33 | 000,714,880 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/12 08:13:33 | 000,612,550 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/12 08:13:33 | 000,107,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/11 18:10:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Mago\Desktop\OTL.exe
[2010/08/11 17:57:47 | 000,080,384 | ---- | M] () -- C:\Users\Mago\Desktop\MBRCheck.exe
[2010/08/11 15:59:20 | 000,293,376 | ---- | M] () -- C:\Users\Mago\Desktop\mx8uhfuj.exe
[2010/08/11 15:20:20 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 06:54:49 | 000,011,024 | ---- | M] () -- C:\Users\Mago\AppData\Roaming\wklnhst.dat
[2010/08/11 06:49:36 | 005,169,864 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Mago\Desktop\registrybooster.exe
[2010/07/26 21:17:32 | 000,054,272 | ---- | M] () -- C:\Users\Mago\Desktop\Answer.doc
[2010/07/25 11:24:50 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/07/25 10:59:55 | 000,001,033 | ---- | M] () -- C:\Users\Mago\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/25 10:59:55 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/07/19 20:04:38 | 000,417,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/07/19 10:41:58 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
========== Files Created - No Company Name ==========
[2010/08/11 17
[2010/08/11 17:12:22 | 1063,743,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/11 15:59:08 | 000,293,376 | ---- | C] () -- C:\Users\Mago\Desktop\mx8uhfuj.exe
[2010/08/11 15:20:20 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/05 06:23:12 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/07/26 21:17:32 | 000,054,272 | ---- | C] () -- C:\Users\Mago\Desktop\Answer.doc
[2010/07/25 10:59:55 | 000,001,033 | ---- | C] () -- C:\Users\Mago\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/07/25 10:59:55 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/21 18:08:16 | 000,000,044 | ---- | C] () -- C:\Windows\EPNX210.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/06/18 20:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/03/25 09
[2007/11/05 07:55:27 | 000,000,044 | ---- | C] () -- C:\Windows\EPCX8400.ini
[2007/08/24 20:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/13 13:19:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/08/08 07:58:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/08/08 07:48:07 | 000,000,059 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2007/08/08 07:46:31 | 000,000,084 | ---- | C] () -- C:\Windows\EPSPRX580.ini
[2007/03/06 11:49:42 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/03/02 16:25:27 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2007/03/02 16
[2007/03/02 16
[2007/03/02 16:12:04 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/01/10 04
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 00:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 00:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/09/16 13:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\shirley_bassey_-_where_do_i_begin.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\cabezahombros.mp3:TOC.WMV
@Alternate Data Stream - 143 bytes -> C:\Users\Mago\Documents\maribel.nws:OECustomProper ty
< End of report >
Senior Member
Good
Your computer would greatly benefit from adding another 1GB of RAM. Vista likes to run on at least 2GB of RAM.
You'll need to install SP2, but wait with that until we're done with cleaning.
We need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================== ============
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code::OTL O4 - HKLM..\Run: [CCUTRAYICON] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found @Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\shirley_bassey_-_where_do_i_begin.mp3:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\Users\Mago\Documents\cabezahombros.mp3:TOC.WMV @Alternate Data Stream - 143 bytes -> C:\Users\Mago\Documents\maribel.nws:OECustomProperty :Services :Reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" =- :Files :Commands [purity] [emptytemp] [emptyflash] [Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
================================================== ===========
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Newbie
On the Kasoersjy online scanner website after I click accept a message window says:
Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program. What do I need to do
