Computer Hope

Topic started by: MAneedshelp on April 06, 2011, 03:08:49 PM

Title: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 06, 2011, 03:08:49 PM
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/05/2011 at 05:07 PM

Application Version : 4.50.1002

Core Rules Database Version : 6737
Trace Rules Database Version: 4549

Scan type       : Complete Scan
Total Scan Time : 00:24:13

Memory items scanned      : 672
Memory threats detected   : 0
Registry items scanned    : 8340
Registry threats detected : 82
File items scanned        : 144902
File threats detected     : 65

Trojan.Unclassified/Cognac
   HKU\.DEFAULT\Software\Cognac
   HKU\S-1-5-18\Software\Cognac

Trojan.Agent/Gen

Adware.Tracking Cookie
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 06, 2011, 03:09:52 PM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6281

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/5/2011 9:16:43 PM
mbam-log-2011-04-05 (21-16-43).txt

Scan type: Quick scan
Objects scanned: 203606
Time elapsed: 2 hour(s), 39 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:57:41 PM, on 4/6/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\AOL\1161106650\ee\AOLSoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: 221.135.111.121 download.McAfee.com
O1 - Hosts: 221.135.111.122 download.McAfee.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104163136.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161106650\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} (UVUPlayer Control) - http://www.howardstern.com/install/uvuplayer.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = broadinstitute.org,broadinstitute.org
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = broadinstitute.org,broadinstitute.org
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter hijack: text/html - {f507f800-7767-4acc-a237-7ac6f15bf879} - C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\msmonitor.
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 14029 bytes
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 06, 2011, 05:32:59 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*********************************************
Download Disable/Remove Windows Messenger (http://www.majorgeeks.com/DisableRemove_Windows_Messenger_d2327.html) to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.
*********************************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O1 - Hosts: 221.135.111.121 download.McAfee.com
O1 - Hosts: 221.135.111.122 download.McAfee.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
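
Added example, not part of the thread or any poster's words: a small Python triage pass over HijackThis log lines like the ones posted above. It flags O1 Hosts entries that point a named host at a non-loopback address (the kind of entry selected for fixing in the post above), entries whose file path sits under a Temp directory, and entries HijackThis marks "(file missing)". The function names and reason labels are hypothetical; the sample lines are taken from the log in this thread.

```python
import ipaddress
import re

# Sample input: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 221.135.111.121 download.McAfee.com
O1 - Hosts: 221.135.111.122 download.McAfee.com
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O18 - Filter hijack: text/html - {f507f800-7767-4acc-a237-7ac6f15bf879} - C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\msmonitor.
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirect(body):
    """Return (ip, hostname) if an O1 body maps a host to a routable address.

    Loopback and 0.0.0.0 mappings are ignored: those are commonly used to
    block a hostname rather than to send its traffic somewhere else.
    """
    match = HOSTS_RE.match(body)
    if not match:
        return None
    try:
        addr = ipaddress.ip_address(match.group(1))
    except ValueError:
        return None  # malformed address field, nothing to report
    if addr.is_loopback or addr.is_unspecified:
        return None
    return (str(addr), match.group(2).lower())


def triage(log_text):
    """Return (section_code, reason, detail) findings worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O1":
            hit = hosts_redirect(body)
            if hit:
                findings.append((code, "hosts-redirect", "%s -> %s" % (hit[1], hit[0])))
            continue
        if TEMP_RE.search(body):
            findings.append((code, "runs-from-temp", body))
        if body.endswith("(file missing)"):
            findings.append((code, "file-missing", body))
    return findings


def redirected_hosts(log_text):
    """Group O1 redirects by hostname so one name pinned to several IPs stands out."""
    grouped = {}
    for code, body in parse_entries(log_text):
        hit = hosts_redirect(body) if code == "O1" else None
        if hit:
            grouped.setdefault(hit[1], []).append(hit[0])
    return {host: sorted(ips) for host, ips in grouped.items()}


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print("%-4s %-15s %s" % (code, reason, detail))
```

A finding here is only a prompt for review; the decision about what to fix stays with whoever is reading the whole log.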
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 07, 2011, 05:44:02 PM
Here is the log from the Security Check. I was not able to open the DDS file; each time I attempted to open the file a window popped up asking me which program to use to open the file. I was unsure of which to choose. Thanks!

 Results of screen317's Security Check version 0.99.10 
 Windows XP Service Pack 3 
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Disabled! 
 McAfee Internet Security   
 Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 24 
 Java(TM) SE Runtime Environment 6 Update 1
 Java(TM) 6 Update 2 
 Java(TM) 6 Update 3 
 Java(TM) 6 Update 5 
 Out of date Java installed!
 Adobe Flash Player    10.1.53.64 
Adobe Reader 8.2.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 08, 2011, 12:05:11 PM
Please download SREng (http://www.kztechs.com/sreng/sreng2.zip)
(http://img.photobucket.com/albums/v666/sUBs/SystemRepair_FileAssocs.gif)
***********************************************
Please try running DDS now.
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 09, 2011, 08:09:36 AM
I ran SREngLdr and the only error was on .SCR files. After clicking 'repair' the error was still present. I attempted to run DDS anyways but still was not able to have any success. I also tried rebooting 2 times and got nowhere.
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 09, 2011, 12:18:51 PM
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 10, 2011, 02:37:51 PM
OTL logfile created on: 4/10/2011 8:48:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Michael Coyne\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 10.51 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.90% Space Free | Partition Type: FAT32
 
Computer Name: MIKECOYNE | User Name: Michael Coyne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/10 08:26:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Coyne\My Documents\Downloads\OTL.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/17 17:15:32 | 001,155,768 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/09 20:24:16 | 000,050,760 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/10 08:26:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael Coyne\My Documents\Downloads\OTL.exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/24 14:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/12/17 18:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/06/19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/17 18:18:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/10/07 04:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/10/07 04:47:55 | 000,266,008 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 04:46:12 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/06/19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 14:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/05/17 11:22:42 | 000,057,404 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2007/05/17 11:22:40 | 000,024,209 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/01/18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/11/30 11:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/06/02 11:02:36 | 000,572,928 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/05/12 16:05:02 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/16 00:00:00 | 000,011,648 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ACPIEC.sys -- (ACPIEC)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/01/26 12:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/03 19:58:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 21:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/06 16:29:26 | 000,000,000 | ---D | M]
 
[2008/06/22 17:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Extensions
[2011/04/09 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions
[2010/07/22 16:32:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/13 15:41:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/26 19:57:39 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\extensions\[email protected]
[2009/12/23 17:06:11 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\searchplugins\AIM Search.xml
[2011/04/09 18:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/10/17 14:52:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/04/06 16:29:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009/01/08 19:26:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/03 19:58:33 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2004/03/01 14:24:58 | 001,650,688 | ---- | M] (MDL Information Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npchime.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/02/06 21:05:24 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2009/12/23 17:06:11 | 000,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml
[2010/10/11 14:03:54 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
 
O1 HOSTS File: ([2011/04/07 18:55:57 | 000,000,787 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101104163136.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [dcmsvc]  File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe (America Online, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe (SoftThinks)
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Michael Coyne\Start Menu\Programs\StartUp\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab (QuickTime Object)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen10.exe (Reg Error: Key error.)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {81449547-EB5D-422E-8730-932DC5E412C8} http://www.howardstern.com/install/uvuplayer.cab (UVUPlayer Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell - "" = AutoRun
O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61cf13c9-b86f-11db-bbf3-0018de057ec1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell - "" = AutoRun
O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b9cf59d4-40f9-11df-becd-0018de057ec1}\Shell\AutoRun\command - "" = G:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: igfxator - (C:\WINDOWS\system32\dfrgMRT.dll) -  File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {11595080-8E73-46C5-B74F-411E5F229AF5} - Yahoo! Tracking for IE7
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1AFCD067-8356-518B-CC24-D74F79E059C1} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar for Internet Explorer
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{DCF51E21-EE79-410F-9776-FCF0D9963ADF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MKVC - C:\WINDOWS\System32\KMVIDC32.DLL ()
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/08 20:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/04/08 18:52:24 | 001,895,960 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Michael Coyne\Desktop\SREngLdr.EXE
[2011/04/06 18:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/04/06 17:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\Google Chrome
[2011/04/06 16:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\HiJackThis
[2011/04/06 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/06 16:40:27 | 000,400,384 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.exe
[2011/04/06 16:33:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/05 17:34:56 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Michael Coyne\Desktop\lala.exe
[2011/04/04 16:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/04/04 16:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/04/03 18:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bonjour
[2011/04/03 18:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/04/03 18:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/04/03 18:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/03 18:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/03 18:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/04/03 18:27:15 | 000,000,000 | ---D | C] -- C:\vongo
[2011/04/03 18:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/04/03 18:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/03 18:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco
[2011/04/03 18:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/04/03 18:27:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2011/04/03 18:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2011/04/03 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/04/03 18:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys EasyLink Advisor
[2011/04/03 18:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Start Menu\Programs\LimeWire
[2011/04/03 18:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys EasyLink Advisor
[2011/04/03 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\muvee Technologies
[2011/04/03 18:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2011/04/03 18:25:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael Coyne\Recent
[2011/04/03 17:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Shared
[2011/04/02 14:56:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Application Data\SUPERAntiSpyware.com
[2011/04/02 14:56:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/02 14:35:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\Application Data\OnlineArmor
[2011/04/02 14:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2011/04/02 14:33:04 | 000,029,464 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/04/02 14:33:04 | 000,025,192 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2011/04/02 14:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2011/04/02 14:11:33 | 010,793,648 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael Coyne\Desktop\SUPERAntiSpyware.exe
[2011/04/02 14:11:31 | 003,050,472 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Michael Coyne\Desktop\ccsetup305.exe
[2011/04/02 14:11:27 | 022,119,848 | ---- | C] (Emsi Software GmbH                                          ) -- C:\Documents and Settings\Michael Coyne\Desktop\OnlineArmorSetup.exe
[2011/04/02 11:28:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael Coyne\My Documents\Sony PMB
[2011/03/22 21:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2011/03/22 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(2)
[2011/03/22 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime(2)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Michael Coyne\My Documents\*.tmp files -> C:\Documents and Settings\Michael Coyne\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/10 09:32:20 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
[2011/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2011/04/10 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/04/10 08:55:24 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/04/10 08:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/04/10 07:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/04/10 07:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2011/04/10 06:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/04/10 06:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/04/10 05:46:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2011/04/10 05:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/04/10 05:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2011/04/10 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/04/10 04:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/04/10 03:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/04/10 03:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2011/04/10 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/04/10 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/04/10 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2011/04/10 01:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/04/10 00:41:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/04/10 00:40:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/04/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2011/04/09 23:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/04/09 22:57:24 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1D1201B8-736F-4099-95F8-F9DAEDA76682}.job
[2011/04/09 22:55:14 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/04/09 22:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/04/09 21:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2011/04/09 21:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/04/09 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/04/09 20:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/04/09 19:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2011/04/09 19:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/04/09 18:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/04/09 18:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/04/09 17:32:10 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
[2011/04/09 17:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2011/04/09 17:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/04/09 16:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/04/09 16:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/04/09 15:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2011/04/09 15:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/04/09 14:00:01 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/04/09 14:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/04/09 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2011/04/09 13:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/04/09 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/04/09 12:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/04/09 11:00:09 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2011/04/09 11:00:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/04/09 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/04/09 10:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/04/08 21:04:11 | 000,001,554 | ---- | M] () -- C:\hpqp.ini
[2011/04/08 21:01:30 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/04/08 20:57:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 20:51:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 20:51:27 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/07 18:55:57 | 000,000,787 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/07 18:21:55 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\dds.scr
[2011/04/07 18:21:25 | 000,879,081 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\SecurityCheck.exe
[2011/04/06 17:32:30 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\Google Chrome.lnk
[2011/04/06 17:32:30 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/06 16:54:55 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\Shortcut to sniper.exe.lnk
[2011/04/06 16:48:54 | 000,002,000 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.lnk
[2011/04/05 22:49:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/05 17:36:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/04 16:31:21 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/02 14:34:33 | 000,499,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/02 14:34:33 | 000,091,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/02 14:04:22 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.msi
[2011/04/02 14:04:16 | 010,793,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Michael Coyne\Desktop\SUPERAntiSpyware.exe
[2011/04/02 14:03:50 | 003,050,472 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Michael Coyne\Desktop\ccsetup305.exe
[2011/04/02 13:59:56 | 022,119,848 | ---- | M] (Emsi Software GmbH                                          ) -- C:\Documents and Settings\Michael Coyne\Desktop\OnlineArmorSetup.exe
[2011/04/01 15:33:56 | 000,015,314 | -HS- | M] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
[2011/04/01 15:33:56 | 000,015,314 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
[2011/03/31 17:04:46 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kb7bruw3dvw44
[2011/03/31 17:04:45 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\kb7bruw3dvw44
[2011/03/31 15:56:48 | 000,512,992 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\12345.exe.exe
[2011/03/31 01:42:00 | 000,301,809 | ---- | M] () -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.def
[2011/03/30 20:25:48 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Michael Coyne\Desktop\lala.exe
[2011/03/30 19:32:42 | 000,039,048 | ---- | M] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/03/30 19:32:20 | 000,029,464 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2011/03/30 19:32:20 | 000,025,192 | ---- | M] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2011/03/30 19:32:18 | 000,205,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/03/27 15:13:28 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2011/03/21 10:47:18 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Michael Coyne\My Documents\*.tmp files -> C:\Documents and Settings\Michael Coyne\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/07 18:21:51 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\dds.scr
[2011/04/07 18:21:25 | 000,879,081 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\SecurityCheck.exe
[2011/04/06 17:32:30 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\Google Chrome.lnk
[2011/04/06 17:32:30 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/04/06 17:27:04 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
[2011/04/06 17:27:03 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
[2011/04/06 16:54:55 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\Shortcut to sniper.exe.lnk
[2011/04/06 16:48:54 | 000,002,000 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.lnk
[2011/04/06 16:40:44 | 000,301,809 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\JavaRa.def
[2011/04/05 17:36:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/04 16:31:21 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/02 14:33:04 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/04/02 14:33:03 | 000,205,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/02 14:11:35 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\HiJackThis.msi
[2011/04/02 13:44:38 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/31 17:04:45 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kb7bruw3dvw44
[2011/03/31 17:04:44 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\kb7bruw3dvw44
[2011/03/31 15:57:55 | 000,512,992 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Desktop\12345.exe.exe
[2011/03/30 16:44:30 | 000,015,314 | -HS- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
[2011/03/30 16:44:30 | 000,015,314 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
[2011/03/27 15:11:58 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNUnInstall.MIF
[2010/05/22 19:23:35 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/17 16:37:31 | 000,056,600 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/04 23:30:34 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/04/04 23:30:34 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/04/04 23:30:14 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/04/04 23:30:14 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/04/04 23:30:12 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/04/04 23:30:11 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/02/12 04:06:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/19 19:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 19:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/06 17:08:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/03/26 17:08:23 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/03/18 15:26:31 | 000,006,189 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\PrimoPDFSet.xml
[2008/03/18 15:26:31 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\APUSet.xml
[2008/03/18 15:23:55 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/06/28 17:09:04 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2007/06/18 23:13:02 | 000,760,531 | ---- | C] () -- C:\WINDOWS\System32\avformat-51.dll
[2007/06/18 23:12:56 | 000,097,358 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll
[2007/06/18 17:56:40 | 002,041,856 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll
[2007/06/18 17:56:02 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\swscale-0.dll
[2007/04/29 19:53:53 | 000,001,248 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/04/07 15:10:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Application Data\wklnhst.dat
[2007/02/26 08:23:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/02/14 21:02:05 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2006/11/23 12:25:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2006/11/10 11:51:08 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/03 21:36:55 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2006/11/03 19:42:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/10/18 04:19:42 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\fusioncache.dat
[2006/10/17 21:03:17 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/10/17 15:09:12 | 000,238,592 | ---- | C] () -- C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/17 14:52:16 | 000,003,257 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/10/17 13:35:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/17 13:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/08 05:12:39 | 000,000,219 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/08 05:08:19 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/08 05:08:19 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/08 04:53:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/08 04:40:23 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/29 15:18:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/29 15:18:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/29 14:49:18 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/06/29 14:46:56 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/06/29 14:43:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/06/29 14:27:08 | 000,499,574 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/29 14:27:08 | 000,091,016 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/29 14:18:06 | 000,282,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 14:13:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/29 14:08:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/16 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/03/16 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/03/16 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/03/16 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/03/16 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/03/16 00:00:00 | 000,011,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\acpiec.sys
[2006/03/16 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/03/16 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/03/16 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/03/04 03:07:34 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/31 11:43:32 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
[2005/05/06 14:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 17:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 17:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997/06/25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
 
========== LOP Check ==========
 
[2009/12/23 17:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/01/25 21:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
[2009/12/02 17:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/07/14 12:02:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2007/05/21 14:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GraphPad Software
[2007/07/02 13:06:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/04/06 18:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/02/09 07:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pMiEkOh06511
[2011/02/16 07:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pNnIhEc06511
[2007/04/09 22:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Game

Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 10, 2011, 02:38:36 PM
OTL Extras logfile created on: 4/10/2011 8:48:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Michael Coyne\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 61.83 Gb Total Space | 10.51 Gb Free Space | 16.99% Space Free | Partition Type: NTFS
Drive D: | 11.67 Gb Total Space | 1.39 Gb Free Space | 11.90% Space Free | Partition Type: FAT32
 
Computer Name: MIKECOYNE | User Name: Michael Coyne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.scr [@ = scrfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"62515:UDP" = 62515:UDP:*:Enabled:Broad
"10000:TCP" = 10000:TCP:*:Enabled:Broad
"4500:UDP" = 4500:UDP:*:Enabled:Broad1
"500:UDP" = 500:UDP:*:Enabled:Broad2
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1161106650\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\1161106650\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1161106650\ee\aim6.exe:*:Enabled:AIM -- (America Online, Inc.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\MicroProse\Worms2\frontend.exe" = C:\MicroProse\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend
"C:\Program Files\HP Games\JEOPARDY\JEOPARDY!.exe" = C:\Program Files\HP Games\JEOPARDY\JEOPARDY!.exe:*:Enabled:JEOPARDY!
"C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe" = C:\Program Files\HP Games\Wheel of Fortune\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:Framework Service
"C:\Program Files\Beacon Designer 7.0\jre\bin\javaw.exe" = C:\Program Files\Beacon Designer 7.0\jre\bin\javaw.exe:*:Enabled:javaw
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Joost\xulrunner\tvprunner.exe" = C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010977DE-35D4-4F21-9BFB-0CFE7DF3848D}" = MxPro
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 D3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{355FADAF-55C4-4E08-88D4-A86C4CA6930C}" = HP Wireless Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe  1.4.105.1
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A27D738D-41C1-4F52-BB28-FD4139B49B2B}" = Air Cam
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EAC263B7-241A-483E-A6F2-7FC4F33BD533}" = AERIS Computer Interface 2.x
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"31BE0B185D40E37BF8199C5044B289D5A7930AF3" = Windows Driver Package - FTDI (FTDIBUS) USB  (04/16/2004 1.00.2154)
"6E2662A83E8EFD0F397A2CB1AC4F529B7DFF7B4C" = Windows Driver Package - FTDI (FTSER2K) Ports  (04/16/2004 1.00.2154)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AutoComplete ActiveX Control" = AutoComplete ActiveX Control
"BeerSmith" = BeerSmith Brewing Software
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Data File Editor" = Data File Editor
"dcmsvc_is1" = dcmsvc 1.0
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0033)
"FTDICOMM" = USB Download Interface Driver
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Lexmark 730 Series" = Lexmark 730 Series
"LG USB Drivers" = LG USB Drivers
"LimeWire" = LimeWire 4.16.6
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"SecureCRT" = VanDyke Software SecureCRT 5.2
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/7/2011 7:39:26 PM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3448 (0xd78)    Thread address : 0x1204856E    Thread message :      Build VSCORE.14.2.0.794
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
 Coyne\My Documents\Downloads\jxpiinstall.exe   by C:\Program Files\Mozilla Firefox\firefox.exe

 4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0)

 
Error - 4/8/2011 4:55:20 PM | Computer Name = MIKECOYNE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3888, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/8/2011 5:19:55 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
 user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
 
Error - 4/8/2011 6:01:30 PM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3004 (0xbbc)    Thread address : 0x7C90E514    Thread message :      Build VSCORE.14.2.0.794
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\WINDOWS\Tasks\At19.job

 by C:\WINDOWS\System32\svchost.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

 7004(0)(0)   5006(0)(0)   5004(0)(0) 
 
Error - 4/8/2011 6:44:39 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3888, faulting
 module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.
 
Error - 4/8/2011 9:12:47 PM | Computer Name = MIKECOYNE | Source = Application Error | ID = 1000
Description = Faulting application jusched.exe, version 2.0.3.1, faulting module
 user32.dll, version 5.1.2600.5512, fault address 0x000187f1.
 
Error - 4/9/2011 10:04:06 AM | Computer Name = MIKECOYNE | Source = MsiInstaller | ID = 11706
Description = Product: Cisco Systems VPN Client 5.0.03.0560 -- Error 1706. No valid
 source could be found for product Cisco Systems VPN Client 5.0.03.0560.  Windows
 Installer cannot continue.
 
Error - 4/9/2011 10:41:52 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3196 (0xc7c)    Thread address : 0x12041363    Thread message :      Build VSCORE.14.2.0.794
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
 Coyne\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\Cache\225E4F60d01

 by C:\Program Files\Mozilla Firefox\firefox.exe   4(15)(0)   4(15)(0)   7200(15)(0)   7595(15)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
 
Error - 4/10/2011 8:27:59 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 4660 (0x1234)    Thread address : 0x12040D5B    Thread message :      Build VSCORE.14.2.0.794
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
 Coyne\Local Settings\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\Cache\DA761E44d01

 by C:\Program Files\Mozilla Firefox\firefox.exe   4(16)(0)   4(16)(0)   7200(16)(0)   7595(16)(0)

 7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
 
Error - 4/10/2011 8:40:36 AM | Computer Name = MIKECOYNE | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 7696 (0x1e10)    Thread address : 0x1204141A    Thread message :      Build VSCORE.14.2.0.794
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Documents and Settings\Michael
 Coyne\My Documents\Downloads\jxpiinstall.exe   by C:\WINDOWS\Explorer.EXE   4(0)(0)

 4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)   7004(0)(0)   5006(0)(0)   5004(0)(0) 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 1/18/2011 5:18:17 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::main File: .\VpnMgr.cpp Line: 1556 Invoked Function:
 IHostMgr::enableHostMgr Return Code: -32964593 (0xFE09000F) Description: VAMGR_ERROR_ENABLE_VA_FAILED

 
Error - 1/18/2011 5:18:17 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67110873
Description = Termination reason code 13: Unable to start VA, setup shared queue,
 or VA gave up on shared queue.
 
Error - 1/18/2011 5:18:18 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
Line:
 4967 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 3 (0x00000003)
Description:
 Cached Downloader terminated abnormally
 
Error - 1/18/2011 5:18:20 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1672
Invoked
 Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED
 
Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
Description = Function: CVirtualAdapter::EnableVA File: .\WindowsVirtualAdapter.cpp
Line:
 2007 Invoked Function: CWindowsVirtualAdapter::GetConnName Return Code: -33554423
 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to obtain an interface name
 after 20 tries
 
Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
Description = Function: CVAMgr::enableHostMgr File: .\VAMgr.cpp Line: 394 Invoked Function:
 EnableVA Return Code: 0 (0x00000000) Description: unknown
 
Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::main File: .\VpnMgr.cpp Line: 1556 Invoked Function:
 IHostMgr::enableHostMgr Return Code: -32964593 (0xFE09000F) Description: VAMGR_ERROR_ENABLE_VA_FAILED

 
Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnagent | ID = 67110873
Description = Termination reason code 13: Unable to start VA, setup shared queue,
 or VA gave up on shared queue.
 
Error - 1/18/2011 5:19:37 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::launchCachedDownloader File: .\ConnectMgr.cpp
Line:
 4967 Invoked Function: ConnectMgr :: launchCachedDownloader Return Code: 3 (0x00000003)
Description:
 Cached Downloader terminated abnormally
 
Error - 1/18/2011 5:19:40 PM | Computer Name = MIKECOYNE | Source = vpnui | ID = 67108866
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1672
Invoked
 Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED
 
[ System Events ]
Error - 4/10/2011 12:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 12:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At37.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 1:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 1:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At38.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 2:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 2:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At39.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 3:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 3:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 4:00:00 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error:   %%2147942402
 
Error - 4/10/2011 4:00:01 PM | Computer Name = MIKECOYNE | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error:   %%2147942402
 
 
< End of report >
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 10, 2011, 07:05:53 PM
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [dcmsvc]  File not found

:files
C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:folders
C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc
C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
**************************************************************
P2P - I see you have P2P software installed on your machine (LimeWire). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*********************************************
Please read here for more information about WildTangent (http://it.toolbox.com/blogs/enterprise-solutions/question-of-the-week-is-wildtanget-actually-spyware-6472). Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
**************************************************
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless (http://www.greatis.com/appdata/u/v/viewmgr.exe.htm)
* Viewpoint to Plunge Into Adware (http://www.clickz.com/news/article.php/3561546/)

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology


You can also uninstall Java(TM) 6 Update 2, Java(TM) 6 Update 3 and Java(TM) 6 Update 5.
They are no longer needed.
******************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 12, 2011, 02:41:50 PM
Here are the OTL results. ComboFix ran overnight and never produced a log. It appeared that my computer rebooted at some point because the login screen was up this afternoon. I AM able to run DDS right now and I will post those results as soon as they come up. Thanks!

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
========== FILES ==========
C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
Error: Unable to interpret <:folders> in the current context!
Error: Unable to interpret <C:\Documents and Settings\Michael Coyne\Local Settings\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Application Data\2ffiof2es346vo2713f7u80b4q5alajxki8nutmnjc> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 38784 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Flash cache emptied: 348 bytes
 
User: Michael Coyne
->Temp folder emptied: 15207165 bytes
->Temporary Internet Files folder emptied: 2766647 bytes
->Java cache emptied: 99856344 bytes
->FireFox cache emptied: 68907033 bytes
->Google Chrome cache emptied: 8266419 bytes
->Flash cache emptied: 4029 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26127576 bytes
->Flash cache emptied: 907 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1804537 bytes
%systemroot%\System32 .tmp files removed: 4637201 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 80201628 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 28672 bytes
 
Total Files Cleaned = 294.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04112011_171547

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 13, 2011, 01:38:06 PM
Unfortunately the same thing happened overnight with the DDS program. Any suggestions at this point?
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 13, 2011, 05:46:28 PM
Please forget about DDS for the moment and try to download and run ComboFix.
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 15, 2011, 01:54:07 PM
ComboFix 11-04-14.01 - Michael Coyne 04/14/2011  20:00:13.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1470 [GMT -4:00]
Running from: c:\documents and settings\Michael Coyne\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Adobe Systems
c:\documents and settings\All Users\Application Data\Adobe Systems\Product licenses\B2B86000.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\Michael Coyne\GoToAssistDownloadHelper.exe
c:\documents and settings\Michael Coyne\WINDOWS
c:\program files\Shared
c:\windows\system32\Cache
c:\windows\system32\regobj.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-15 to 2011-04-15  )))))))))))))))))))))))))))))))
.
.
2011-04-11 21:15 . 2011-04-11 21:15   --------   d-----w-   C:\_OTL
2011-04-06 22:01 . 2011-04-06 22:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
2011-04-06 20:49 . 2011-04-06 20:49   388096   ----a-r-   c:\documents and settings\Michael Coyne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-06 20:48 . 2011-04-06 20:48   --------   d-----w-   c:\program files\Trend Micro
2011-04-06 20:29 . 2011-02-03 01:40   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-06 20:29 . 2011-02-03 01:40   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-04-04 20:33 . 2011-04-04 20:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-03 22:33 . 2011-04-03 22:33   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-04-03 22:31 . 2011-04-03 22:31   --------   d-----w-   c:\program files\QuickTime
2011-04-03 22:30 . 2011-04-03 22:30   --------   d-----w-   c:\program files\iPod
2011-04-03 22:30 . 2011-04-03 22:31   --------   d-----w-   c:\program files\iTunes
2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   C:\vongo
2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2011-04-03 22:27 . 2011-04-03 22:32   --------   d-----w-   c:\program files\Bonjour
2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Cisco
2011-04-03 22:27 . 2011-04-03 22:27   --------   d-----w-   c:\program files\Common Files\Deterministic Networks
2011-04-03 22:26 . 2011-04-11 22:24   --------   d-----w-   c:\program files\LimeWire
2011-04-03 22:26 . 2011-04-03 22:26   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Gtek
2011-04-03 22:26 . 2011-04-03 22:26   --------   d-----w-   c:\program files\Linksys EasyLink Advisor
2011-04-03 22:25 . 2011-04-03 22:26   --------   d-----w-   c:\program files\Common Files\muvee Technologies
2011-04-02 18:56 . 2011-04-02 18:56   --------   d-----w-   c:\documents and settings\Michael Coyne\Application Data\SUPERAntiSpyware.com
2011-04-02 18:56 . 2011-04-04 20:31   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-04-02 18:35 . 2011-04-02 18:36   --------   d-----w-   c:\documents and settings\Michael Coyne\Application Data\OnlineArmor
2011-04-02 18:33 . 2011-03-30 23:32   39048   ----a-w-   c:\windows\system32\drivers\oahlp32.sys
2011-04-02 18:33 . 2011-03-30 23:32   29464   ----a-w-   c:\windows\system32\drivers\OAnet.sys
2011-04-02 18:33 . 2011-03-30 23:32   25192   ----a-w-   c:\windows\system32\drivers\OAmon.sys
2011-04-02 18:33 . 2011-03-30 23:32   205992   ----a-w-   c:\windows\system32\drivers\OADriver.sys
2011-04-02 18:32 . 2011-04-03 19:39   --------   d-----w-   c:\program files\Online Armor
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-03-16 04:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-03-16 04:00   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2006-03-16 04:00   1857920   ----a-w-   c:\windows\system32\win32k.sys
2011-02-22 23:06 . 2006-03-16 04:00   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2006-03-16 04:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2006-03-16 04:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2006-03-16 04:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-02-17 13:18 . 2005-01-19 12:26   455936   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2005-05-10 08:17   357888   ----a-w-   c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-04-16 09:47   5120   ----a-w-   c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2006-03-16 04:00   290432   ----a-w-   c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2008-08-24 22:12   229888   ----a-w-   c:\windows\system32\fxscover.exe
2011-02-08 13:33 . 2006-03-16 04:00   978944   ----a-w-   c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2006-03-16 04:00   974848   ----a-w-   c:\windows\system32\mfc42u.dll
2011-02-04 22:48 . 2006-03-04 07:08   456192   ----a-w-   c:\windows\system32\encdec.dll
2011-02-04 22:48 . 2006-03-16 04:00   291840   ----a-w-   c:\windows\system32\sbe.dll
2011-02-02 23:19 . 2007-05-02 01:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2006-03-16 04:00   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2006-03-16 04:00   677888   ----a-w-   c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2006-03-16 04:00   439296   ----a-w-   c:\windows\system32\shimgvw.dll
2010-10-14 02:28 . 2010-10-15 06:39   24376   ----a-w-   c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-08 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"Google Update"="c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-17 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-07-13 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"HostManager"="c:\program files\Common Files\AOL\1161106650\ee\AOLSoftware.exe" [2006-05-10 50760]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-06 94208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
Script execution time was exceeded on script "c:\combofix\lnkread.vbs".
Script execution was terminated.
.
c:\documents and settings\Michael Coyne\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161106650\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1161106650\\ee\\aim6.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"62515:UDP"= 62515:UDP:Broad
"10000:TCP"= 10000:TCP:Broad
"4500:UDP"= 4500:UDP:Broad1
"500:UDP"= 500:UDP:Broad2
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 136176]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam  ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:34]
.
2011-04-14 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-03-16 00:12]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 06:11]
.
2011-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 06:11]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005Core.job
- c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 06:11]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861077080-2503165265-793183238-1005UA.job
- c:\documents and settings\Michael Coyne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-04-06 06:11]
.
2011-04-15 c:\windows\Tasks\User_Feed_Synchronization-{1D1201B8-736F-4099-95F8-F9DAEDA76682}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.broadinstitute.org/CACHE/stc/1/binaries/vpnweb.cab
DPF: {81449547-EB5D-422E-8730-932DC5E412C8} - hxxp://www.howardstern.com/install/uvuplayer.cab
FF - ProfilePath - c:\documents and settings\Michael Coyne\Application Data\Mozilla\Firefox\Profiles\9uh2qin3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
AddRemove-dcmsvc_is1 - c:\program files\dcmsvc\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 21:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???`P??????g?@?????L?@
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(5532)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2011-04-14  22:56:37 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-15 02:55
.
Pre-Run: 11,275,251,712 bytes free
Post-Run: 11,262,693,376 bytes free
.
- - End Of File - - 0D7AE01B04AEAA6EEB90EF29C3672338
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 16, 2011, 12:48:28 PM
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)

Unzip it into a folder on your desktop.
Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 16, 2011, 03:06:41 PM
SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A1FD4000
Module End: A20AA000
Hidden: Yes

Module Name: \??\C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\catchme.sys
Service Name: catchme
Module Base: F783F000
Module End: F7847000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: F7A47000
Module End: F7A49000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwYieldExecution
At Address: 80504B08
Jump To: F719A164
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwUnmapViewOfSection
At Address: 805B2E48
Jump To: F719A190
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwTerminateProcess
At Address: 805D29E2
Jump To: F719A1A4
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetValueKey
At Address: 80622662
Jump To: F719A13A
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwSetSecurityObject
At Address: 805C062E
Jump To: F719A150
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRenameKey
At Address: 80623B12
Jump To: F719A10E
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenThread
At Address: 805CB6CC
Jump To: F719A0BC
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenProcess
At Address: 805CB440
Jump To: F719A0A8
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwOpenKey
At Address: 806254CE
Jump To: F719A0D0
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwMapViewOfSection
At Address: 805B203A
Jump To: F719A17A
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteValueKey
At Address: 8062475C
Jump To: F719A124
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteKey
At Address: 8062458C
Jump To: F719A0F8
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwCreateKey
At Address: 806240F0
Jump To: F719A0E4
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\ffa4a94764f65568af221bcd6ed00d57\update\update.exe
Status: Access denied

Object: C:\ffa4a94764f65568af221bcd6ed00d57\update\updspapi.dll
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 16, 2011, 06:46:08 PM
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: MAneedshelp on April 18, 2011, 08:16:33 PM
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=7decb2cbc2b65e4197eb2141c3f1522b
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-19 12:53:52
# local_time=2011-04-18 08:53:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 843393 843393 0 0
# compatibility_mode=5121 16777173 100 75 1092715 30792013 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109203
# found=2
# cleaned=2
# scan_time=35359
C:\Documents and Settings\Michael Coyne\My Documents\My Music\04 Track 4.wma   Win32/Adware.180Solutions application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Documents and Settings\Michael Coyne\My Documents\My Music\Adobe Photoshop CS Activator.exe   probably a variant of Win32/TrojanDownloader.Agent.IPGQQOF trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Title: Re: Log Files of an infected laptop...any/all help GREATLY appreciated
Post by: SuperDave on April 19, 2011, 01:25:05 PM
That looks good. If there are no other issues, we can do some cleanup.

To uninstall ComboFix

(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

*************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
************************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out-of-date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.

----------

I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)

Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!