
Topic: Log Files of an infected laptop...any/all help GREATLY appreciated


MAneedshelp

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/05/2011 at 05:07 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6737
    Trace Rules Database Version: 4549

    Scan type       : Complete Scan
    Total Scan Time : 00:24:13

    Memory items scanned      : 672
    Memory threats detected   : 0
    Registry items scanned    : 8340
    Registry threats detected : 82
    File items scanned        : 144902
    File threats detected     : 65

    Trojan.Unclassified/Cognac
       HKU\.DEFAULT\Software\Cognac
       HKU\S-1-5-18\Software\Cognac

    Trojan.Agent/Gen
       HKU\.DEFAULT\SOFTWARE\XML
       HKU\S-1-5-18\SOFTWARE\XML

    Adware.Tracking Cookie

    MAneedshelp

      Re: Log Files of an infected laptop...any/all help GREATLY appreciated
      « Reply #1 on: April 06, 2011, 03:09:52 PM »
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 6281

      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702

      4/5/2011 9:16:43 PM
      mbam-log-2011-04-05 (21-16-43).txt

      Scan type: Quick scan
      Objects scanned: 203606
      Time elapsed: 2 hour(s), 39 minute(s), 22 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 1
      Registry Data Items Infected: 3
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)





      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 4:57:41 PM, on 4/6/2011
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Common Files\AOL\1161106650\ee\AOLSoftware.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
      C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\McAfee.com\Agent\mcagent.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      C:\WINDOWS\system32\mfevtps.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
      C:\WINDOWS\system32\mqsvc.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\mqtgsvc.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\WINDOWS\system32\msiexec.exe
      c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
      C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
      R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O1 - Hosts: 221.135.111.121 download.McAfee.com
      O1 - Hosts: 221.135.111.122 download.McAfee.com
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104163136.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
      O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161106650\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
      O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
      O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
      O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
      O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
      O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: VPN Client.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
      O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
      O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = broadinstitute.org,broadinstitute.org
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = broadinstitute.org,broadinstitute.org
      O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Filter hijack: text/html - {f507f800-7767-4acc-a237-7ac6f15bf879} - C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\msmonitor.
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
      O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
      O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
      O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
      O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
      O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

      --
      End of file - 14029 bytes

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Log Files of an infected laptop...any/all help GREATLY appreciated
      « Reply #2 on: April 06, 2011, 05:32:59 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      *********************************************
      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.
      *********************************************************
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      O1 - Hosts: 221.135.111.121 download.McAfee.com
      O1 - Hosts: 221.135.111.122 download.McAfee.com
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.
      ********************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *************************************************
      Download DDS from HERE or HERE and save it to your desktop.

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall tries to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copying and pasting it into the reply.
      Windows 8 and Windows 10 dual boot with two SSD's
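
An added example, not part of the original posts or of HijackThis/OTL: a small triage script for `O1 - Hosts:` log lines like the two `download.McAfee.com` entries in the fix list above, which override DNS for a security vendor's download host. The watch list, the verdict names and every sample line other than the two `download.McAfee.com` entries, the `localhost` entry and the `O4` entry are assumptions constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple

# Illustrative watch list (an assumption of this example): names whose
# resolution should never be overridden in the hosts file. mcafee.com is
# the domain that appears in the thread; the others are added for breadth.
WATCHED_SUFFIXES = ("mcafee.com", "windowsupdate.com", "microsoft.com")

# Matches the "O1 - Hosts: <address> <name>" lines printed by HijackThis and OTL.
O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Sample input. Lines 1, 2 and 7 are from the fix list in the thread, line 3
# is from the later OTL log, and lines 4-6 are constructed for this example.
SAMPLE_LINES = [
    r"O1 - Hosts: 221.135.111.121 download.McAfee.com",
    r"O1 - Hosts: 221.135.111.122 download.McAfee.com",
    r"O1 - Hosts: 127.0.0.1       localhost",
    r"O1 - Hosts: 0.0.0.0 ads.example.test",
    r"O1 - Hosts: 10.0.0.5 fileserver.example.test",
    r"O1 - Hosts: 127.0.0.1 update.microsoft.com",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot',
]


class Finding(NamedTuple):
    address: str
    host: str
    verdict: str


def is_watched(host: str) -> bool:
    """True if host equals, or is a subdomain of, a watched suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(address: str, host: str) -> str:
    """Return a verdict for one hosts-file mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    # Loopback and 0.0.0.0 make the name unreachable rather than redirected.
    local = ip.is_loopback or ip.is_unspecified
    if is_watched(host):
        # Any override of a watched name is a finding: either the name is
        # pointed at another server or it is blackholed so updates fail.
        return "vendor-blocked" if local else "vendor-redirect"
    if local:
        return "ok" if host.lower() == "localhost" else "sinkhole"
    return "internal-override" if ip.is_private else "public-override"


def classify_hosts_entries(lines):
    """Parse O1 lines and classify each one; other log lines are ignored."""
    findings = []
    for line in lines:
        match = O1_LINE.match(line)
        if match:
            address, host = match.group(1), match.group(2)
            findings.append(Finding(address, host, classify(address, host)))
    return findings


def conflicting_mappings(findings):
    """Return names that are mapped to more than one address."""
    by_host = defaultdict(list)
    for f in findings:
        key = f.host.lower()
        if f.address not in by_host[key]:
            by_host[key].append(f.address)
    return {host: addrs for host, addrs in by_host.items() if len(addrs) > 1}


if __name__ == "__main__":
    results = classify_hosts_entries(SAMPLE_LINES)
    for f in results:
        print(f"{f.verdict:18} {f.address:16} {f.host}")
    for host, addrs in conflicting_mappings(results).items():
        print(f"conflict: {host} -> {', '.join(addrs)}")
```

Entries marked `vendor-redirect` or `vendor-blocked` are the ones to review first; the other verdicts are context for reading the rest of the hosts file.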

      MAneedshelp

        Re: Log Files of an infected laptop...any/all help GREATLY appreciated
        « Reply #3 on: April 07, 2011, 05:44:02 PM »
        Here is the log from the Security Check. I was not able to open the DDS file, each time I attempted to open the file a window popped up asking me which program to use to open the file. I was unsure of which to choose. Thanks!

         Results of screen317's Security Check version 0.99.10 
         Windows XP Service Pack 3 
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Disabled! 
         McAfee Internet Security   
         Antivirus up to date! 
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         Java(TM) 6 Update 24 
         Java(TM) SE Runtime Environment 6 Update 1
         Java(TM) 6 Update 2 
         Java(TM) 6 Update 3 
         Java(TM) 6 Update 5 
         Out of date Java installed!
         Adobe Flash Player    10.1.53.64 
        Adobe Reader 8.2.2
        Out of date Adobe Reader installed!
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

        ``````````End of Log````````````

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Log Files of an infected laptop...any/all help GREATLY appreciated
        « Reply #4 on: April 08, 2011, 12:05:11 PM »
        Please download SREng
        • Extract it to Desktop and double click SREngLdr.EXE to run it
        • Select System Repair from the left pane.
        • Click on File Association
        • Select all entries that have an Error status and click [Repair]
        • Refer to this image for an example:

        • In your case, it would be .EXE
        • Close SREng now.
        ***********************************************
        Please try running DDS now.

        MAneedshelp

          Re: Log Files of an infected laptop...any/all help GREATLY appreciated
          « Reply #5 on: April 09, 2011, 08:09:36 AM »
          I ran SREngLdr and the only error was on .SCR files. After clicking 'repair' the error was still present. I attempted to run DDS anyways but still was not able to have any success. I also tried rebooting 2 times and got nowhere.

          SuperDave

          Re: Log Files of an infected laptop...any/all help GREATLY appreciated
          « Reply #6 on: April 09, 2011, 12:18:51 PM »
          Download OTL to your Desktop
          • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
          • Under the Custom Scan box paste this in
          netsvcs
          msconfig
          safebootminimal
          safebootnetwork
          activex
          drivers32
          %SYSTEMDRIVE%\*.exe
          %systemroot%\*. /mp /s
          c:\$recycle.bin\*.* /s
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
          /md5start
          eventlog.dll
          scecli.dll
          netlogon.dll
          cngaudit.dll
          sceclt.dll
          ntelogon.dll
          logevent.dll
          iaStor.sys
          nvstor.sys
          nvstor32.sys
          atapi.sys
          IdeChnDr.sys
          viasraid.sys
          AGP440.sys
          vaxscsi.sys
          nvatabus.sys
          viamraid.sys
          nvata.sys
          nvgts.sys
          iastorv.sys
          ViPrt.sys
          eNetHook.dll
          explorer.exe
          svchost.exe
          userinit.exe
          qmgr.dll
          ws2_32.dll
          proquota.exe
          imm32.dll
          kernel32.dll
          ndis.sys
          autochk.exe
          spoolsv.exe
          xmlprov.dll
          ntmssvc.dll
          mswsock.dll
          Beep.SYS
          ntfs.sys
          termsrv.dll
          sfcfiles.dll
          st3shark.sys
          ahcix86.sys
          srsvc.dll
          nvrd32.sys
          /md5stop
          %systemroot%\system32\*.dll /lockedfiles
          %systemroot%\Tasks\*.job /lockedfiles

          • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
          • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
          • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

          MAneedshelp

            Re: Log Files of an infected laptop...any/all help GREATLY appreciated
            « Reply #7 on: April 10, 2011, 02:37:51 PM »
            OTL logfile created on: 4/10/2011 8:48:16 AM - Run 1
            OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Michael Coyne\My Documents\Downloads
            Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
             
            2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
            3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
            Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
            Drive C: | 61.83 Gb Total Space | 10.51 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
            Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.90% Space Free | Partition Type: FAT32
             
            Computer Name: MIKECOYNE | User Name: Michael Coyne | Logged in as Administrator.
            Boot Mode: Normal | Scan Mode: Current user | Quick Scan
            Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
             
            ========== Processes (SafeList) ==========
             
            PRC - [2011/04/10 08:26:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Coyne\My Documents\Downloads\OTL.exe
            PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
            PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
            PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
            PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
            PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
            PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
            PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
            PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
            PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe
            PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe
            PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
            PRC - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
            PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
            PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
            PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe
             
             
            ========== Modules (SafeList) ==========
             
            MOD - [2011/04/10 08:26:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Coyne\My Documents\Downloads\OTL.exe
            MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
            MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
             
             
            ========== Win32 Services (SafeList) ==========
             
            SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
            SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
            SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
            SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
            SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
            SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
            SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
            SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
            SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
            SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
            SRV - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
            SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
            SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
            SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
            SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
             
             
            ========== Driver Services (SafeList) ==========
             
            DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
            DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
            DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
            DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
            DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
            DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
            DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
            DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
            DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
            DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
            DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
            DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
            DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
            DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
            DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
            DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
            DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
            DRV - [2009/10/07 04:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
            DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
            DRV - [2008/06/19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
            DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
            DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
            DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
            DRV - [2007/05/17 11:22:42 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
            DRV - [2007/05/17 11:22:40 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
            DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
            DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
            DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
            DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
            DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
            DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
            DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
            DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
            DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
            DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
            DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
            DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
            DRV - [2006/03/16 00:00:00 | 000,011,648 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
            DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
            DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
            DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
            DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
            DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
            DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
            DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
            DRV - [2005/01/26 12:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
            DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
             
             
            ========== Standard Registry (SafeList) ==========
             
             
            ========== Internet Explorer ==========
             
            IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
             
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
            IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
            IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
            IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
            IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
             
            ========== FireFox ==========
             
            FF - prefs.js..extensions.enabledItems: [email protected]:1.0
            FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
            FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
            FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
             
             
            FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/03 19:58:33 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 21:01:58 | 000,000,000 | ---D | M]
            FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 16:29:26 | 000,000,000 | ---D | M]
             
            [2008/06/22 17:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Extensions
            [2011/04/09 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions
            [2010/07/22 16:32:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
            [2010/05/13 15:41:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
            [2008/09/26 19:57:39 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\[email protected]
            [2009/12/23 17:06:11 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\searchplugins\AIM Search.xml
            [2011/04/09 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
            [2006/10/17 14:52:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
            [2011/04/06 16:29:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
            [2009/01/08 19:26:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
            [2011/04/03 19:58:33 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
            [2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
            [2004/03/01 14:24:58 | 001,650,688 | ---- | M] (MDL Information Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npchime.dll
            [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
            [2009/02/06 21:05:24 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
            [2009/12/23 17:06:11 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
            [2010/10/11 14:03:54 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
             
            O1 HOSTS File: ([2011/04/07 18:55:57 | 000,000,787 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
            O1 - Hosts: 127.0.0.1       localhost
            O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
            O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
            O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
            O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104163136.dll (McAfee, Inc.)
            O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
            O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
            O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
            O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
            O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
            O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
            O4 - HKLM..\Run: [dcmsvc]  File not found
            O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
            O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe (America Online, Inc.)
            O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
            O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
            O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
            O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
            O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
            O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
            O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
            O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
            O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
            O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
            O4 - Startup: C:\Documents and Settings\Michael Coyne\Start Menu\Programs\StartUp\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
            O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
            O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
            O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
            O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
            O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab (QuickTime Object)
            O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen10.exe (Reg Error: Key error.)
            O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
            O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
            O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} http://www.howardstern.com/install/uvuplayer.cab (UVUPlayer Control)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
            O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
            O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
            O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
            O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
            O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
            O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
            O24 - Desktop WallPaper: C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
            O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
            O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
            O32 - HKLM CDRom: AutoRun - 1
            O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
            O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell - "" = AutoRun
            O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
            O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell - "" = AutoRun
            O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell\AutoRun - "" = Auto&Play
            O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
            O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
            O35 - HKLM\..comfile [open] -- "%1" %*
            O35 - HKLM\..exefile [open] -- "%1" %*
            O36 - AppCertDlls: igfxator - (C:\WINDOWS\system32\dfrgMRT.dll) -  File not found
            O37 - HKLM\...com [@ = comfile] -- "%1" %*
            O37 - HKLM\...exe [@ = exefile] -- "%1" %*
             
            NetSvcs: 6to4 -  File not found
            NetSvcs: Ias -  File not found
            NetSvcs: Iprip -  File not found
            NetSvcs: Irmon -  File not found
            NetSvcs: NWCWorkstation -  File not found
            NetSvcs: Nwsapagent -  File not found
            NetSvcs: WmdmPmSp -  File not found
             
             
            SafeBootMin: Base - Driver Group
            SafeBootMin: Boot Bus Extender - Driver Group
            SafeBootMin: Boot file system - Driver Group
            SafeBootMin: File system - Driver Group
            SafeBootMin: Filter - Driver Group
            SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
            SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
            SafeBootMin: PCI Configuration - Driver Group
            SafeBootMin: PNP Filter - Driver Group
            SafeBootMin: Primary disk - Driver Group
            SafeBootMin: SCSI Class - Driver Group
            SafeBootMin: sermouse.sys - Driver
            SafeBootMin: System Bus Extender - Driver Group
            SafeBootMin: vds - Service
            SafeBootMin: vga.sys - Driver
            SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
            SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
            SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
            SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
            SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
            SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
            SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
            SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
            SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
            SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
            SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
            SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
            SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
            SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
             
            SafeBootNet: Base - Driver Group
            SafeBootNet: Boot Bus Extender - Driver Group
            SafeBootNet: Boot file system - Driver Group
            SafeBootNet: File system - Driver Group
            SafeBootNet: Filter - Driver Group
            SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
            SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
            SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
            SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
            SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
            SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
            SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
            SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
            SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
            SafeBootNet: NDIS Wrapper - Driver Group
            SafeBootNet: NetBIOSGroup - Driver Group
            SafeBootNet: NetDDEGroup - Driver Group
            SafeBootNet: Network - Driver Group
            SafeBootNet: NetworkProvider - Driver Group
            SafeBootNet: PCI Configuration - Driver Group
            SafeBootNet: PNP Filter - Driver Group
            SafeBootNet: PNP_TDI - Driver Group
            SafeBootNet: Primary disk - Driver Group
            SafeBootNet: SCSI Class - Driver Group
            SafeBootNet: sermouse.sys - Driver
            SafeBootNet: Streams Drivers - Driver Group
            SafeBootNet: System Bus Extender - Driver Group
            SafeBootNet: TDI - Driver Group
            SafeBootNet: vga.sys - Driver
            SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
            SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
            SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
            SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
            SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
            SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
            SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
            SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
            SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
            SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
            SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
            SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
            SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
            SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
            SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
            SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
            SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
             
            ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
            ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
            ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
            ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
            ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
            ActiveX: {1AFCD067-8356-518B-CC24-D74F79E059C1} - Macromedia Shockwave Director 10.1
            ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
            ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
            ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
            ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
            ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
            ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
            ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
            ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
            ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
            ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
            ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
            ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
            ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
            ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
            ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
            ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
            ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
            ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
            ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
            ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
            ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
            ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
            ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
            ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
            ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
            ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
            ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
            ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
            ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
            ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
            ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
            ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
            ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
            ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
            ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
            ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
            ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
            ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
            ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
            ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
            ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
            ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
            ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
            ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
            ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
            ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
            ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
            ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
            ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
            ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
            ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
            ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
            ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
            ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
            ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
            ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
            ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
            ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
            ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
            ActiveX: >{DCF51E21-EE79-410F-9776-FCF0D9963ADF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
            ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
             
            Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
            Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
            Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
            Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
            Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
            Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
            Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
            Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
            Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
            Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
            Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
            Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
            Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
             
            ========== Files/Folders - Created Within 30 Days ==========
             
            [2011/04/08 20:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
            [2011/04/08 18:52:24 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Michael Coyne\Desktop\SREngLdr.EXE
            [2011/04/06 18:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
            [2011/04/06 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\Google Chrome
            [2011/04/06 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\HiJackThis
            [2011/04/06 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
            [2011/04/06 16:40:27 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.exe
            [2011/04/06 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
            [2011/04/05 17:34:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Michael Coyne\Desktop\lala.exe
            [2011/04/04 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
            [2011/04/04 16:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
            [2011/04/03 18:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bonjour
            [2011/04/03 18:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
            [2011/04/03 18:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
            [2011/04/03 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
            [2011/04/03 18:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
            [2011/04/03 18:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
            [2011/04/03 18:27:15 | 000,000,000 | ---D | C] -- C:\vongo
            [2011/04/03 18:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
            [2011/04/03 18:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
            [2011/04/03 18:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco
            [2011/04/03 18:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
            [2011/04/03 18:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
            [2011/04/03 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
            [2011/04/03 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
            [2011/04/03 18:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys EasyLink Advisor
            [2011/04/03 18:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\LimeWire
            [2011/04/03 18:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
            [2011/04/03 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\muvee Technologies
            [2011/04/03 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
            [2011/04/03 18:25:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Coyne\Recent
            [2011/04/03 17:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
            [2011/04/02 14:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Application Data\SUPERAntiSpyware.com
            [2011/04/02 14:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
            [2011/04/02 14:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Application Data\OnlineArmor
            [2011/04/02 14:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
            [2011/04/02 14:33:04 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
            [2011/04/02 14:33:04 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
            [2011/04/02 14:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
            [2011/04/02 14:11:33 | 010,793,648 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael Coyne\Desktop\SUPERAntiSpyware.exe
            [2011/04/02 14:11:31 | 003,050,472 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Michael Coyne\Desktop\ccsetup305.exe
            [2011/04/02 14:11:27 | 022,119,848 | ---- | C] (Emsi Software GmbH                                          ) -- C:\Documents and Settings\Michael Coyne\Desktop\OnlineArmorSetup.exe
            [2011/04/02 11:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\My Documents\Sony PMB
            [2011/03/22 21:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
            [2011/03/22 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
            [2011/03/22 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
            [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [2 C:\Documents and Settings\Michael Coyne\My Documents\*.tmp files -> C:\Documents and Settings\Michael Coyne\My Documents\*.tmp -> ]
             
            ========== Files - Modified Within 30 Days ==========
             
            [2011/04/10 09:32:20 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
            [2011/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
            [2011/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
            [2011/04/10 08:55:24 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
            [2011/04/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
            [2011/04/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
            [2011/04/10 07:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
            [2011/04/10 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
            [2011/04/10 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
            [2011/04/10 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
            [2011/04/10 05:46:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
            [2011/04/10 05:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
            [2011/04/10 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
            [2011/04/10 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
            [2011/04/10 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
            [2011/04/10 03:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
            [2011/04/10 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
            [2011/04/10 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
            [2011/04/10 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
            [2011/04/10 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
            [2011/04/10 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
            [2011/04/10 00:41:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
            [2011/04/10 00:40:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
            [2011/04/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
            [2011/04/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
            [2011/04/09 22:57:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1201B8-736F-4099-95F8-F9DAEDA76682}.job
            [2011/04/09 22:55:14 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
            [2011/04/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
            [2011/04/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
            [2011/04/09 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
            [2011/04/09 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
            [2011/04/09 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
            [2011/04/09 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
            [2011/04/09 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
            [2011/04/09 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
            [2011/04/09 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
            [2011/04/09 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
            [2011/04/09 17:32:10 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
            [2011/04/09 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
            [2011/04/09 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
            [2011/04/09 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
            [2011/04/09 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
            [2011/04/09 15:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
            [2011/04/09 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
            [2011/04/09 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
            [2011/04/09 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
            [2011/04/09 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
            [2011/04/09 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
            [2011/04/09 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
            [2011/04/09 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
            [2011/04/09 11:00:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
            [2011/04/09 11:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
            [2011/04/09 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
            [2011/04/09 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
            [2011/04/08 21:04:11 | 000,001,554 | ---- | M] () -- C:\hpqp.ini
            [2011/04/08 21:01:30 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
            [2011/04/08 20:57:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
            [2011/04/08 20:51:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
            [2011/04/08 20:51:27 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
            [2011/04/07 18:55:57 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
            [2011/04/07 18:21:55 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\dds.scr
            [2011/04/07 18:21:25 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\SecurityCheck.exe
            [2011/04/06 17:32:30 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\Google Chrome.lnk
            [2011/04/06 17:32:30 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
            [2011/04/06 16:54:55 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\Shortcut to sniper.exe.lnk
            [2011/04/06 16:48:54 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.lnk
            [2011/04/05 22:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
            [2011/04/05 17:36:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
            [2011/04/04 16:31:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
            [2011/04/02 14:34:33 | 000,499,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
            [2011/04/02 14:34:33 | 000,091,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
            [2011/04/02 14:04:22 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.msi
            [2011/04/02 14:04:16 | 010,793,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael Coyne\Desktop\SUPERAntiSpyware.exe
            [2011/04/02 14:03:50 | 003,050,472 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael Coyne\Desktop\ccsetup305.exe
            [2011/04/02 13:59:56 | 022,119,848 | ---- | M] (Emsi Software GmbH                                          ) -- C:\Documents and Settings\Michael Coyne\Desktop\OnlineArmorSetup.exe
            [2011/04/01 15:33:56 | 000,015,314 | -HS- | M] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
            [2011/04/01 15:33:56 | 000,015,314 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
            [2011/03/31 17:04:46 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kb7bruw3dvw44
            [2011/03/31 17:04:45 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\kb7bruw3dvw44
            [2011/03/31 15:56:48 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\12345.exe.exe
            [2011/03/31 01:42:00 | 000,301,809 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.def
            [2011/03/30 20:25:48 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Michael Coyne\Desktop\lala.exe
            [2011/03/30 19:32:42 | 000,039,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
            [2011/03/30 19:32:20 | 000,029,464 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
            [2011/03/30 19:32:20 | 000,025,192 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
            [2011/03/30 19:32:18 | 000,205,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
            [2011/03/27 15:13:28 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
            [2011/03/21 10:47:18 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
            [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
            [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
            [2 C:\Documents and Settings\Michael Coyne\My Documents\*.tmp files -> C:\Documents and Settings\Michael Coyne\My Documents\*.tmp -> ]
             
            ========== Files Created - No Company Name ==========
             
            [2011/04/07 18:21:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\dds.scr
            [2011/04/07 18:21:25 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\SecurityCheck.exe
            [2011/04/06 17:32:30 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\Google Chrome.lnk
            [2011/04/06 17:32:30 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
            [2011/04/06 17:27:04 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
            [2011/04/06 17:27:03 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
            [2011/04/06 16:54:55 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\Shortcut to sniper.exe.lnk
            [2011/04/06 16:48:54 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.lnk
            [2011/04/06 16:40:44 | 000,301,809 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.def
            [2011/04/05 17:36:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
            [2011/04/04 16:31:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
            [2011/04/02 14:33:04 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
            [2011/04/02 14:33:03 | 000,205,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
            [2011/04/02 14:11:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.msi
            [2011/04/02 13:44:38 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
            [2011/03/31 17:04:45 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kb7bruw3dvw44
            [2011/03/31 17:04:44 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\kb7bruw3dvw44
            [2011/03/31 15:57:55 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\12345.exe.exe
            [2011/03/30 16:44:30 | 000,015,314 | -HS- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
            [2011/03/30 16:44:30 | 000,015,314 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
            [2011/03/27 15:11:58 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
            [2010/05/22 19:23:35 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
            [2010/04/17 16:37:31 | 000,056,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
            [2010/04/04 23:30:34 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
            [2010/04/04 23:30:34 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
            [2010/04/04 23:30:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
            [2010/04/04 23:30:14 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
            [2010/04/04 23:30:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
            [2010/04/04 23:30:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
            [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
            [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
            [2009/02/12 04:06:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
            [2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
            [2008/06/19 19:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
            [2008/06/06 17:08:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
            [2008/03/26 17:08:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
            [2008/03/18 15:26:31 | 000,006,189 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\PrimoPDFSet.xml
            [2008/03/18 15:26:31 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\APUSet.xml
            [2008/03/18 15:23:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
            [2007/06/28 17:09:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
            [2007/06/18 23:13:02 | 000,760,531 | ---- | C] () -- C:\WINDOWS\System32\avformat-51.dll
            [2007/06/18 23:12:56 | 000,097,358 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
            [2007/06/18 17:56:40 | 002,041,856 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
            [2007/06/18 17:56:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.dll
            [2007/04/29 19:53:53 | 000,001,248 | ---- | C] () -- C:\WINDOWS\checkip.dat
            [2007/04/07 15:10:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\wklnhst.dat
            [2007/02/26 08:23:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
            [2007/02/14 21:02:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
            [2006/11/23 12:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
            [2006/11/10 11:51:08 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
            [2006/11/03 21:36:55 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
            [2006/11/03 19:42:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
            [2006/10/18 04:19:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\fusioncache.dat
            [2006/10/17 21:03:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
            [2006/10/17 15:09:12 | 000,238,592 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
            [2006/10/17 14:52:16 | 000,003,257 | ---- | C] () -- C:\WINDOWS\mozver.dat
            [2006/10/17 13:35:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
            [2006/10/17 13:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
            [2006/08/08 05:12:39 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
            [2006/08/08 05:08:19 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
            [2006/08/08 05:08:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
            [2006/08/08 04:53:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
            [2006/08/08 04:40:23 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
            [2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
            [2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
            [2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
            [2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
            [2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
            [2006/06/29 14:27:08 | 000,499,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
            [2006/06/29 14:27:08 | 000,091,016 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
            [2006/06/29 14:18:06 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
            [2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
            [2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
            [2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
            [2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
            [2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
            [2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
            [2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
            [2006/03/16 00:00:00 | 000,011,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\acpiec.sys
            [2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
            [2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
            [2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
            [2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
            [2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
            [2005/05/06 14:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
            [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
            [2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
            [2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
            [1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
             
            ========== LOP Check ==========
             
            [2009/12/23 17:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
            [2009/01/25 21:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
            [2009/12/02 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
            [2008/07/14 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
            [2007/05/21 14:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphPad Software
            [2007/07/02 13:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
            [2011/04/06 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
            [2011/02/09 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pMiEkOh06511
            [2011/02/16 07:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pNnIhEc06511
            [2007/04/09 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Game

            MAneedshelp

              Re: Log Files of an infected laptop...any/all help GREATLY appreciated
              « Reply #8 on: April 10, 2011, 02:38:36 PM »
              OTL Extras logfile created on: 4/10/2011 8:48:16 AM - Run 1
              OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Michael Coyne\My Documents\Downloads
              Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
              Internet Explorer (Version = 8.0.6001.18702)
              Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
               
              2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
              3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
              Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
               
              %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
              Drive C: | 61.83 Gb Total Space | 10.51 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
              Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.90% Space Free | Partition Type: FAT32
               
              Computer Name: MIKECOYNE | User Name: Michael Coyne | Logged in as Administrator.
              Boot Mode: Normal | Scan Mode: Current user | Quick Scan
              Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
               
              ========== Extra Registry (SafeList) ==========
               
               
              ========== File Associations ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
              .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
              .scr [@ = scrfile] -- Reg Error: Key error. File not found
               
              [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
              .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
               
              ========== Shell Spawning ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
              batfile [open] -- "%1" %*
              cmdfile [open] -- "%1" %*
              comfile [open] -- "%1" %*
              cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
              exefile [open] -- "%1" %*
              piffile [open] -- "%1" %*
              regfile [merge] -- Reg Error: Key error.
              scrfile [config] -- Reg Error: Key error.
              scrfile [install] -- Reg Error: Key error.
              scrfile [open] -- Reg Error: Key error.
              txtfile [edit] -- Reg Error: Key error.
              Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
              Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
              Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
              Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
              Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
               
              ========== Security Center Settings ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
              "FirstRunDisabled" = 1
              "UpdatesDisableNotify" = 0
              "AntiVirusOverride" = 1
              "FirewallOverride" = 0
              "AntiVirusDisableNotify" = 0
              "FirewallDisableNotify" = 0
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
              "DisableMonitoring" = 1
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
              "DisableMonitoring" = 1
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
               
              ========== System Restore Settings ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
              "DisableSR" = 0
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
              "Start" = 0
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
              "Start" = 2
               
              ========== Firewall Settings ==========
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
              "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
              "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
              "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
              "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
              "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
              "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
              "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
              "EnableFirewall" = 0
              "DoNotAllowExceptions" = 0
              "DisableNotifications" = 0
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
              "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
              "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
              "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
              "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
              "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
              "67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
              "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
              "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
              "62515:UDP" = 62515:UDP:*:Enabled:Broad
              "10000:TCP" = 10000:TCP:*:Enabled:Broad
              "4500:UDP" = 4500:UDP:*:Enabled:Broad1
              "500:UDP" = 500:UDP:*:Enabled:Broad2
               
              ========== Authorized Applications List ==========
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
              "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
               
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
              "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
              "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
              "C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
              "C:\Program Files\Common Files\AOL\1161106650\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1161106650\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
              "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
              "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
              "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
              "C:\MicroProse\Worms2\frontend.exe" = C:\MicroProse\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
              "C:\Program Files\HP Games\JEOPARDY\JEOPARDY!.exe" = C:\Program Files\HP Games\JEOPARDY\JEOPARDY!.exe:*:Enabled:JEOPARDY!
              "C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
              "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
              "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
              "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:Framework Service
              "C:\Program Files\Beacon Designer 7.0\jre\bin\javaw.exe" = C:\Program Files\Beacon Designer 7.0\jre\bin\javaw.exe:*:Enabled:javaw
              "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
              "C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
              "C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module
              "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
              "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
              "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
              "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
              "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
               
               
              ========== HKEY_LOCAL_MACHINE Uninstall List ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "{010977DE-35D4-4F21-9BFB-0CFE7DF3848D}" = MxPro
              "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
              "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
              "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
              "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
              "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
              "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
              "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
              "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
              "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
              "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
              "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
              "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
              "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
              "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
              "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
              "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
              "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
              "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
              "{355FADAF-55C4-4E08-88D4-A86C4CA6930C}" = HP Wireless Assistant
              "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
              "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
              "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
              "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
              "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
              "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
              "{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
              "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
              "{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
              "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
              "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
              "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
              "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
              "{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
              "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
              "{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
              "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
              "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
              "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
              "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
              "{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
              "{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
              "{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
              "{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
              "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
              "{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
              "{A27D738D-41C1-4F52-BB28-FD4139B49B2B}" = Air Cam
              "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
              "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
              "{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
              "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
              "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
              "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
              "{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
              "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
              "{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
              "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
              "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
              "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
              "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
              "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
              "{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
              "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
              "{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
              "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
              "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
              "{EAC263B7-241A-483E-A6F2-7FC4F33BD533}" = AERIS Computer Interface 2.x
              "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
              "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
              "{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
              "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
              "{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
              "31BE0B185D40E37BF8199C5044B289D5A7930AF 3" = Windows Driver Package - FTDI (FTDIBUS) USB  (04/16/2004 1.00.2154)
              "6E2662A83E8EFD0F397A2CB1AC4F529B7DFF7B4 C" = Windows Driver Package - FTDI (FTSER2K) Ports  (04/16/2004 1.00.2154)
              "Adobe AIR" = Adobe AIR
              "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
              "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
              "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
              "Adobe Shockwave Player" = Adobe Shockwave Player
              "AIM_7" = AIM 7
              "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
              "AutoComplete ActiveX Control" = AutoComplete ActiveX Control
              "BeerSmith" = BeerSmith Brewing Software
              "CNXT_HDAUDIO" = Conexant HD Audio
              "CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
              "com.warnerbros.DigitalCopyManager.449F6 6ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
              "ComcastHSI" = Comcast High-Speed Internet Install Wizard
              "Data File Editor" = Data File Editor
              "dcmsvc_is1" = dcmsvc 1.0
              "EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0033)
              "FTDICOMM" = USB Download Interface Driver
              "HDMI" = Intel(R) Graphics Media Accelerator Driver
              "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
              "ie7" = Windows Internet Explorer 7
              "ie8" = Windows Internet Explorer 8
              "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
              "Lexmark 730 Series" = Lexmark 730 Series
              "LG USB Drivers" = LG USB Drivers
              "LimeWire" = LimeWire 4.16.6
              "lvdrivers_12.10" = Logitech Webcam Software Driver Package
              "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
              "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
              "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
              "Money2006b" = Microsoft Money 2006
              "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
              "MSC" = McAfee Internet Security
              "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
              "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
              "PROSet" = Intel(R) PRO Network Connections Drivers
              "RealPlayer 12.0" = RealPlayer
              "SecureCRT" = VanDyke Software SecureCRT 5.2
              "SoftwareUpdUtility" = Download Updater (AOL LLC)
              "SynTPDeinstKey" = Synaptics Pointing Device Driver
              "ViewpointMediaPlayer" = Viewpoint Media Player
              "WGA" = Windows Genuine Advantage Validation Tool
              "WildTangent CDA" = WildTangent Web Driver
              "Windows Media Format Runtime" = Windows Media Format 11 runtime
              "Windows Media Player" = Windows Media Player 11
              "Windows XP Service Pack" = Windows XP Service Pack 3
              "WMCSetup" = Windows Media Connect
              "WMFDist11" = Windows Media Format 11 runtime
              "wmp11" = Windows Media Player 11
              "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
              "Yahoo! Companion" = Yahoo! Toolbar
              "Yahoo! Toolbar" = Yahoo! Toolbar
              "YInstHelper" = Yahoo! Install Manager
               
              ========== HKEY_CURRENT_USER Uninstall List ==========
               
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "Facebook Plug-In" = Facebook Plug-In
              "Google Chrome" = Google Chrome
               
              ========== Last 10 Event Log Errors ==========
               
              [ Application Events ]
              Error - 4/7/2011 7:39:26 PM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
              Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
               took longer than 90000 ms to complete a request.    The process will be terminated.
              Thread
               id : 3448 (0xd78)    Thread address : 0x1204856E    Thread message :      Build VSCORE.14.2.0.794
               / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
               Coyne\My Documents\Downloads\jxpiinstall.exe   by C:\Program Files\Mozilla Firefox\firefox.exe

               4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)

               
              Error - 4/8/2011 4:55:20 PM | Computer Name = MIKECOYNE | Source = Application Hang | ID = 1002
              Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
               version 0.0.0.0, hang address 0x00000000.
               
              Error - 4/8/2011 5:19:55 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
              Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
               user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
               
              Error - 4/8/2011 6:01:30 PM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
              Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
               took longer than 90000 ms to complete a request.    The process will be terminated.
              Thread
               id : 3004 (0xbbc)    Thread address : 0x7C90E514    Thread message :      Build VSCORE.14.2.0.794
               / 5400.1158   Object being scanned = \Device\HarddiskVolume1\WINDOWS\Tasks\At19.job

               by C:\WINDOWS\System32\svchost.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

               7004(0)(0)   5006(0)(0)   5004(0)(0) 
               
              Error - 4/8/2011 6:44:39 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
              Description = Faulting application plugin-container.exe, version 1.9.2.3888, faulting
               module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
               
              Error - 4/8/2011 9:12:47 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
              Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
               user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
               
              Error - 4/9/2011 10:04:06 AM | Computer Name = MIKECOYNE | Source = MsiInstaller | ID = 11706
              Description = Product: Cisco Systems VPN Client 5.0.03.0560 -- Error 1706. No valid
               source could be found for product Cisco Systems VPN Client 5.0.03.0560.  Windows
               Installer cannot continue.
               
              Error - 4/9/2011 10:41:52 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
              Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
               took longer than 90000 ms to complete a request.    The process will be terminated.
              Thread
               id : 3196 (0xc7c)    Thread address : 0x12041363    Thread message :      Build VSCORE.14.2.0.794
               / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
               Coyne\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\Cache\225E4F60d01

               by C:\Program Files\Mozilla Firefox\firefox.exe   4(15)(0)   4(15)(0)   7200(15)(0)   7595(15)(0)

               7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
               
              Error - 4/10/2011 8:27:59 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
              Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
               took longer than 90000 ms to complete a request.    The process will be terminated.
              Thread
               id : 4660 (0x1234)    Thread address : 0x12040D5B    Thread message :      Build VSCORE.14.2.0.794
               / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
               Coyne\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\Cache\DA761E44d01

               by C:\Program Files\Mozilla Firefox\firefox.exe   4(16)(0)   4(16)(0)   7200(16)(0)   7595(16)(0)

               7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
               
              Error - 4/10/2011 8:40:36 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
              Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
               took longer than 90000 ms to complete a request.    The process will be terminated.
              Thread
               id : 7696 (0x1e10)    Thread address : 0x1204141A    Thread message :      Build VSCORE.14.2.0.794
               / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
               Coyne\My Documents\Downloads\jxpiinstall.exe   by C:\WINDOWS\Explorer.EXE   4(0)(0)

               4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
               
              [ Cisco AnyConnect VPN Client Events ]
              Error - 1/18/2011 5:18:17 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
              Description = Function: CVpnMgr::main File: .\VpnMgr.cpp Line: 1556 Invoked Function:
               IHostMgr::enableHostMgr Return Code: -32964593 (0xFE09000F) Description: VAMGR_ERROR_ENABLE_VA_FAILED

               
              Error - 1/18/2011 5:18:17 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67110873
              Description = Termination reason code 13: Unable to start VA, setup shared queue,
               or VA gave up on shared queue.
               
              Error - 1/18/2011 5:18:18 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
              Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
              Line:
               4967 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 3 (0x00000003)
              Description:
               Cached Downloader terminated abnormally
               
              Error - 1/18/2011 5:18:20 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
              Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1672
              Invoked
               Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
               GLOBAL_ERROR_UNEXPECTED
               
              Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
              Description = Function: CVirtualAdapter::EnableVA File: .\WindowsVirtualAdapter.cpp
              Line:
               2007 Invoked Function: CWindowsVirtualAdapter::GetConnName Return Code: -33554423
               (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to obtain an interface name
               after 20 tries
               
              Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
              Description = Function: CVAMgr::enableHostMgr File: .\VAMgr.cpp Line: 394 Invoked Function:
               EnableVA Return Code: 0 (0x00000000) Description: unknown
               
              Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
              Description = Function: CVpnMgr::main File: .\VpnMgr.cpp Line: 1556 Invoked Function:
               IHostMgr::enableHostMgr Return Code: -32964593 (0xFE09000F) Description: VAMGR_ERROR_ENABLE_VA_FAILED

               
              Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67110873
              Description = Termination reason code 13: Unable to start VA, setup shared queue,
               or VA gave up on shared queue.
               
              Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
              Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
              Line:
               4967 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 3 (0x00000003)
              Description:
               Cached Downloader terminated abnormally
               
              Error - 1/18/2011 5:19:40 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
              Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1672
              Invoked
               Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
               GLOBAL_ERROR_UNEXPECTED
               
              [ System Events ]
              Error - 4/10/2011 12:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At13.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 12:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At37.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 1:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At14.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 1:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At38.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 2:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At15.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 2:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At39.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 3:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At16.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 3:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At40.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 4:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At17.job command failed to start due to the following error:   %%2147942402
               
              Error - 4/10/2011 4:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
              Description = The At41.job command failed to start due to the following error:   %%2147942402
               
               
              < End of report >

              SuperDave

              • Malware Removal Specialist


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Log Files of an infected laptop...any/all help GREATLY appreciated
              « Reply #9 on: April 10, 2011, 07:05:53 PM »
              * Open OTL
              * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

              Code:
              :OTL
              O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
              O4 - HKLM..\Run: [dcmsvc]  File not found

              :files
              C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

              :folders
              C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
              C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc

              :COMMANDS
              [resethosts]
              [purity]
              [emptytemp]
              [start explorer]

              * Click Run Fix
              * OTLI2 may ask to reboot the machine. Please do so if asked.
              * Click OK
              * A report will open. Copy and Paste that report in your next reply.
              **************************************************************
              P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

              Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

              I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
              *********************************************
              Please read here for more information about WildTangent. Your choice if you want to remove it or not.

              If you choose to follow my advice, please follow these instructions.

              Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

              WildTangent Web Driver or anything related to WildTangent.
              **************************************************
              You have Viewpoint installed.

              Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

              More information:

              * ViewMgr.exe - Useless
              * Viewpoint to Plunge Into Adware

              It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

              * Viewpoint
              * Viewpoint Manager
              * Viewpoint Media Player
              * Viewpoint Toolbar
              * Viewpoint Experience Technology


              You can also uninstall Java(TM) 6 Update 2, Java(TM) 6 Update 3 and Java(TM) 6 Update 5.
              They are no longer needed.

              ******************************************
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              and save it to your Desktop.
              It would be easiest to download using Internet Explorer.
              If you insist on using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
              Double click ComboFix.exe & follow the prompts.
              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix
              Windows 8 and Windows 10 dual boot with two SSD's

              MAneedshelp

                Re: Log Files of an infected laptop...any/all help GREATLY appreciated
                « Reply #10 on: April 12, 2011, 02:41:50 PM »
                Here are the OTL results. ComboFix ran overnight and never produced a log. It appeared that my computer rebooted at some point because the login screen was up this afternoon. I AM able to run DDS right now and I will post those results as soon as they come up. Thanks!

                All processes killed
                ========== OTL ==========
                Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
                Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
                Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
                ========== FILES ==========
                C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
                Error: Unable to interpret <:folders> in the current context!
                Error: Unable to interpret <C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc> in the current context!
                Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc> in the current context!
                ========== COMMANDS ==========
                C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
                HOSTS file reset successfully
                 
                [EMPTYTEMP]
                 
                User: Administrator
                ->Temp folder emptied: 0 bytes
                 
                User: All Users
                 
                User: Default User
                ->Temp folder emptied: 0 bytes
                ->Flash cache emptied: 38784 bytes
                 
                User: LocalService
                ->Temp folder emptied: 66016 bytes
                ->Flash cache emptied: 348 bytes
                 
                User: Michael Coyne
                ->Temp folder emptied: 15207165 bytes
                ->Temporary Internet Files folder emptied: 2766647 bytes
                ->Java cache emptied: 99856344 bytes
                ->FireFox cache emptied: 68907033 bytes
                ->Google Chrome cache emptied: 8266419 bytes
                ->Flash cache emptied: 4029 bytes
                 
                User: NetworkService
                ->Temp folder emptied: 0 bytes
                ->Temporary Internet Files folder emptied: 26127576 bytes
                ->Flash cache emptied: 907 bytes
                 
                %systemdrive% .tmp files removed: 0 bytes
                %systemroot% .tmp files removed: 1804537 bytes
                %systemroot%\System32 .tmp files removed: 4637201 bytes
                %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                %systemroot%\System32\drivers .tmp files removed: 0 bytes
                Windows Temp folder emptied: 145352 bytes
                %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80201628 bytes
                %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                RecycleBin emptied: 28672 bytes
                 
                Total Files Cleaned = 294.00 mb
                 
                 
                OTL by OldTimer - Version 3.2.22.3 log created on 04112011_171547

                Files\Folders moved on Reboot...

                Registry entries deleted on Reboot...

                MAneedshelp

                  Re: Log Files of an infected laptop...any/all help GREATLY appreciated
                  « Reply #11 on: April 13, 2011, 01:38:06 PM »
                  Unfortunately the same thing happened overnight with the DDS program. Any suggestions at this point?

                  SuperDave

                  Re: Log Files of an infected laptop...any/all help GREATLY appreciated
                  « Reply #12 on: April 13, 2011, 05:46:28 PM »
                  Please forget about DDS for the moment and try to download and run ComboFix.

                  MAneedshelp

                    Re: Log Files of an infected laptop...any/all help GREATLY appreciated
                    « Reply #13 on: April 15, 2011, 01:54:07 PM »
                    ComboFix 11-04-14.01 - Michael Coyne 04/14/2011  20:00:13.2.1 - x86
                    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1470 [GMT -4:00]
                    Running from: c:\documents and settings\Michael Coyne\Desktop\ComboFix.exe
                    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
                    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    c:\documents and settings\All Users\Application Data\Adobe Systems
                    c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses\B2B86000.dat
                    c:\windows\TEMP\logishrd\LVPrcInj01.dll
                    .
                    ---- Previous Run -------
                    .
                    c:\documents and settings\All Users\invokesi.exe
                    c:\documents and settings\Michael Coyne\GoToAssistDownloadHelper.exe
                    c:\documents and settings\Michael Coyne\WINDOWS
                    c:\program files\Shared
                    c:\windows\system32\Cache
                    c:\windows\system32\regobj.dll
                    c:\windows\TEMP\logishrd\LVPrcInj01.dll
                    .
                    .
                    (((((((((((((((((((((((((   Files Created from 2011-03-15 to 2011-04-15  )))))))))))))))))))))))))))))))
                    .
                    .
                    2011-04-11 21:15 . 2011-04-11 21:15   --------   d-----w-   C:\_OTL
                    2011-04-06 22:01 . 2011-04-06 22:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
                    2011-04-06 20:49 . 2011-04-06 20:49   388096   ----a-r-   c:\documents and settings\Michael Coyne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                    2011-04-06 20:48 . 2011-04-06 20:48   --------   d-----w-   c:\program files\Trend Micro
                    2011-04-06 20:29 . 2011-02-03 01:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                    2011-04-06 20:29 . 2011-02-03 01:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                    2011-04-04 20:33 . 2011-04-04 20:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                    2011-04-03 22:33 . 2011-04-03 22:33   --------   d-----w-   c:\windows\system32\wbem\Repository
                    2011-04-03 22:31 . 2011-04-03 22:31   --------   d-----w-   c:\program files\QuickTime
                    2011-04-03 22:30 . 2011-04-03 22:30   --------   d-----w-   c:\program files\iPod
                    2011-04-03 22:30 . 2011-04-03 22:31   --------   d-----w-   c:\program files\iTunes
                    2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   C:\vongo
                    2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Common Files\Adobe AIR
                    2011-04-03 22:27 . 2011-04-03 22:32   --------   d-----w-   c:\program files\Bonjour
                    2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Cisco
                    2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Common Files\Deterministic Networks
                    2011-04-03 22:26 . 2011-04-11 22:24   --------   d-----w-   c:\program files\LimeWire
                    2011-04-03 22:26 . 2011-04-03 22:26   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Gtek
                    2011-04-03 22:26 . 2011-04-03 22:26   --------   d-----w-   c:\program files\Linksys EasyLink Advisor
                    2011-04-03 22:25 . 2011-04-03 22:26   --------   d-----w-   c:\program files\Common Files\muvee Technologies
                    2011-04-02 18:56 . 2011-04-02 18:56   --------   d-----w-   c:\documents and settings\Michael Coyne\Application Data\SUPERAntiSpyware.com
                    2011-04-02 18:56 . 2011-04-04 20:31   --------   d-----w-   c:\program files\SUPERAntiSpyware
                    2011-04-02 18:35 . 2011-04-02 18:36   --------   d-----w-   c:\documents and settings\Michael Coyne\Application Data\OnlineArmor
                    2011-04-02 18:33 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
                    2011-04-02 18:33 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
                    2011-04-02 18:33 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
                    2011-04-02 18:33 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
                    2011-04-02 18:32 . 2011-04-03 19:39   --------   d-----w-   c:\program files\Online Armor
                    .
                    .
                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2011-03-07 05:33 . 2006-03-16 04:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
                    2011-03-04 06:37 . 2006-03-16 04:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
                    2011-03-03 13:21 . 2006-03-16 04:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
                    2011-02-22 23:06 . 2006-03-16 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
                    2011-02-22 23:06 . 2006-03-16 04:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                    2011-02-22 23:06 . 2006-03-16 04:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                    2011-02-22 11:41 . 2006-03-16 04:00   385024   ----a-w-   c:\windows\system32\html.iec
                    2011-02-17 13:18 . 2005-01-19 12:26   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
                    2011-02-17 13:18 . 2005-05-10 08:17   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
                    2011-02-17 12:32 . 2009-04-16 09:47   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
                    2011-02-15 12:56 . 2006-03-16 04:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
                    2011-02-11 13:25 . 2008-08-24 22:12   229888   ----a-w-   c:\windows\system32\fxscover.exe
                    2011-02-08 13:33 . 2006-03-16 04:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
                    2011-02-08 13:33 . 2006-03-16 04:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
                    2011-02-04 22:48 . 2006-03-04 07:08   456192   ----a-w-   c:\windows\system32\encdec.dll
                    2011-02-04 22:48 . 2006-03-16 04:00   291840   ----a-w-   c:\windows\system32\sbe.dll
                    2011-02-02 23:19 . 2007-05-02 01:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                    2011-02-02 07:58 . 2006-03-16 04:00   2067456   ----a-w-   c:\windows\system32\mstscax.dll
                    2011-01-27 11:57 . 2006-03-16 04:00   677888   ----a-w-   c:\windows\system32\mstsc.exe
                    2011-01-21 14:44 . 2006-03-16 04:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
                    2010-10-14 02:28 . 2010-10-15 06:39   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
                    .
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4
                    .
                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-08 68856]
                    "EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
                    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
                    "Google Update"="c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]
                    .
                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
                    "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
                    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
                    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
                    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
                    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
                    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-07-13 40960]
                    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
                    "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
                    "HostManager"="c:\program files\Common Files\AOL\1161106650\ee\AOLSoftware.exe" [2006-05-10 50760]
                    "IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
                    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-06 98304]
                    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-06 114688]
                    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-06 94208]
                    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
                    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
                    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
                    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
                    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
                    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
                    .
                    c:\documents and settings\Default User\Start Menu\Programs\Startup\
                    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
                    .
                    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
                    Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
                    Script execution time was exceeded on script "c:\combofix\lnkread.vbs".
                    Script execution was terminated.
                    .
                    c:\documents and settings\Michael Coyne\Start Menu\Programs\Startup\
                    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
                    .
                    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                    2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                    @=""
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                    "DisableMonitoring"=dword:00000001
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                    "EnableFirewall"= 0 (0x0)
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                    "%windir%\\system32\\sessmgr.exe"=
                    "c:\\WINDOWS\\system32\\mqsvc.exe"=
                    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
                    "c:\\Program Files\\Common Files\\AOL\\1161106650\\ee\\aolsoftware.exe"=
                    "c:\\Program Files\\Common Files\\AOL\\1161106650\\ee\\aim6.exe"=
                    "c:\\StubInstaller.exe"=
                    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
                    "c:\\Program Files\\AIM\\aim.exe"=
                    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                    "c:\\Program Files\\iTunes\\iTunes.exe"=
                    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
                    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
                    .
                    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                    "67:UDP"= 67:UDP:DHCP Discovery Service
                    "62515:UDP"= 62515:UDP:Broad
                    "10000:TCP"= 10000:TCP:Broad
                    "4500:UDP"= 4500:UDP:Broad1
                    "500:UDP"= 500:UDP:Broad2
                    .
                    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 136176]
                    R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
                    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
                    R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
                    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
                    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
                    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
                    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
                    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
                    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
                    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
                    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
                    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
                    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
                    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
                    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
                    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
                    S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
                    .
                    .
                    --- Other Services/Drivers In Memory ---
                    .
                    *Deregistered* - mfeavfk01
                    .
                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    .
                    Contents of the 'Scheduled Tasks' folder
                    .
                    2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
                    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:34]
                    .
                    2011-04-14 c:\windows\Tasks\Disk Cleanup.job
                    - c:\windows\system32\cleanmgr.exe [2006-03-16 00:12]
                    .
                    2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 06:11]
                    .
                    2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 06:11]
                    .
                    2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
                    - c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 06:11]
                    .
                    2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
                    - c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 06:11]
                    .
                    2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{1D1201B8-736F-4099-95F8-F9DAEDA76682}.job
                    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    uStart Page = hxxp://www.google.com/
                    mWindow Title = Windows Internet Explorer provided by Comcast
                    uInternet Connection Wizard,ShellNext = iexplore
                    uInternet Settings,ProxyOverride = <local>;*.local
                    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
                    DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab
                    DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
                    FF - ProfilePath - c:\documents and settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\
                    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
                    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
                    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
                    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
                    FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
                    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
                    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
                    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
                    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
                    .
                    - - - - ORPHANS REMOVED - - - -
                    .
                    HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
                    AddRemove-dcmsvc_is1 - c:\program files\dcmsvc\unins000.exe
                    .
                    .
                    .
                    **************************************************************************
                    .
                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2011-04-14 21:38
                    Windows 5.1.2600 Service Pack 3 NTFS
                    .
                    scanning hidden processes ... 
                    .
                    scanning hidden autostart entries ...
                    .
                    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
                      Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???`P??????g?@?????L?@
                    .
                    scanning hidden files ... 
                    .
                    scan completed successfully
                    hidden files: 0
                    .
                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
                    @Denied: (A 2) (Everyone)
                    @="FlashBroker"
                    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
                    "Enabled"=dword:00000001
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
                    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
                    @Denied: (A 2) (Everyone)
                    @="IFlashBroker4"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
                    @="{00020424-0000-0000-C000-000000000046}"
                    .
                    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
                    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                    "Version"="1.0"
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------
                    .
                    - - - - - - - > 'winlogon.exe'(1996)
                    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                    c:\windows\system32\WININET.dll
                    .
                    - - - - - - - > 'explorer.exe'(5532)
                    c:\windows\system32\WININET.dll
                    c:\windows\TEMP\logishrd\LVPrcInj01.dll
                    c:\progra~1\mcafee\SITEAD~1\saHook.dll
                    c:\program files\Windows Media Player\wmpband.dll
                    c:\windows\system32\ieframe.dll
                    c:\windows\system32\webcheck.dll
                    c:\windows\system32\WPDShServiceObj.dll
                    c:\windows\system32\PortableDeviceTypes.dll
                    c:\windows\system32\PortableDeviceApi.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\windows\system32\msdtc.exe
                    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                    c:\program files\Bonjour\mDNSResponder.exe
                    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
                    c:\windows\eHome\ehRecvr.exe
                    c:\windows\eHome\ehSched.exe
                    c:\windows\system32\inetsrv\inetinfo.exe
                    c:\program files\Java\jre6\bin\jqs.exe
                    c:\program files\Common Files\LightScribe\LSSrvc.exe
                    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
                    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
                    c:\windows\system32\mqsvc.exe
                    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
                    c:\windows\ehome\mcrdsvc.exe
                    c:\program files\Windows Media Player\WMPNetwk.exe
                    c:\windows\system32\mqtgsvc.exe
                    c:\windows\system32\dllhost.exe
                    c:\windows\system32\rundll32.exe
                    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
                    c:\progra~1\mcafee.com\agent\mcagent.exe
                    c:\windows\eHome\ehmsas.exe
                    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
                    c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
                    c:\program files\iPod\bin\iPodService.exe
                    c:\windows\system32\wbem\wmiapsrv.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2011-04-14  22:56:37 - machine was rebooted
                    ComboFix-quarantined-files.txt  2011-04-15 02:55
                    .
                    Pre-Run: 11,275,251,712 bytes free
                    Post-Run: 11,262,693,376 bytes free
                    .
                    - - End Of File - - 0D7AE01B04AEAA6EEB90EF29C3672338

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Log Files of an infected laptop...any/all help GREATLY appreciated
                    « Reply #14 on: April 16, 2011, 12:48:28 PM »
                    SysProt Antirootkit

                    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                    http://sites.google.com/site/sysprotantirootkit/

                    Unzip it into a folder on your desktop.
                    • Double click Sysprot.exe to start the program.
                    • Click on the Log tab.
                    • In the Write to log box select the following items.
                      • Process << Selected
                      • Kernel Modules << Selected
                      • SSDT << Selected
                      • Kernel Hooks << Selected
                      • IRP Hooks << NOT Selected
                      • Ports << NOT Selected
                      • Hidden Files << Selected
                    • At the bottom of the page
                      • Hidden Objects Only << Selected
                    • Click on the Create Log button on the bottom right.
                    • After a few seconds a new window should appear.
                    • Select Scan Root Drive. Click on the Start button.
                    • When it is complete a new window will appear to indicate that the scan is finished.
                    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                    Windows 8 and Windows 10 dual boot with two SSD's