search engine redirect

Dell Dell 30 watt 2 prong ac adapter for...
February 12, 2010 at 18:06:29
Specs: Windows XP
Hi, I've sifted through the site and I apparently see that everyone else has this redirect thingy problem. I suck with computers and I've tried using SuperAntiSpyware, and yes, it worked for a total of three days until the problem came back. I'm really sick of it and it's making me mad. I have McAfee security too and it really does nothing at all. I've tried scanning my computer and nothing comes up. So please help me. Oh, and I figured out that when I click on a link like Facebook it redirects me, but if I click the back button and click on Facebook again, it'll take me to Facebook. Not sure if this helps at all, but really I do suck with computers, which you can probably tell from my lack of knowledge. Uh, and in the subject it says something about a Dell prong thing, but please ignore that. I didn't know how to get rid of it..... Oh, and um, I'm running on a Dell Mini Inspiron 9.

yours truly,
sick and tired




#1
February 12, 2010 at 18:18:16
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

* Save both reports to your desktop then post them please.



#2
February 12, 2010 at 18:36:53

DDS (Ver_09-12-01.01) - NTFSx86
Run by Erica Hong at 18:29:57.89 on Fri 02/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.404 [GMT -8:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\PersistenceThread.exe
C:\Program Files\WSED\WSED.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Battery Meter\BTMeter.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CapsLKNotify\CapsLKNotify.exe
C:\Program Files\Dell\Media Experience\PCMAgent.exe
C:\Program Files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Dell\PlayMovie\PMVService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Erica Hong\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uSearch Page = hxxp://www.live.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
mRun: [WSED] c:\program files\wsed\WSED.exe
mRun: [<NO NAME>]
mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PCMAgent] "c:\program files\dell\media experience\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\dell\media experience\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\dell\playmovie\PMVService.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
StartupFolder: c:\docume~1\ericah~1\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 93.188.162.211,93.188.161.45
TCP: {BD62BFE7-E5F4-45A8-877C-5964DDE961A8} = 93.188.162.211,93.188.161.45
TCP: {F8863CB6-5239-4A78-9B6F-CDD5D6B2AFAE} = 93.188.162.211,93.188.161.45
Notify: igdlogin - igdlogin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-12-22 14248]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-12-22 214664]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2009-6-9 155648]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-12-22 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-22 144704]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-12-22 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-12-22 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2009-12-22 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-12-22 110080]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-22 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-22 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-22 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-22 40552]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2009-12-22 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2009-12-22 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2009-12-22 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-12-22 157696]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-22 1684736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-22 34248]

=============== Created Last 30 ================

2010-02-12 03:59:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-08 23:25:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-08 23:24:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-08 23:24:47 0 d-----w- c:\docume~1\ericah~1\applic~1\SUPERAntiSpyware.com
2010-02-07 06:15:53 0 d-----w- c:\docume~1\ericah~1\applic~1\Malwarebytes
2010-02-07 06:15:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-06 02:43:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Musicnotes
2010-01-23 02:58:06 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2010-01-23 02:35:44 0 d-----w- c:\program files\IrfanView
2010-01-21 21:51:33 0 d-----w- c:\docume~1\ericah~1\applic~1\Reallusion
2010-01-21 21:31:20 0 d-----w- c:\docume~1\ericah~1\applic~1\Windows Live Writer

==================== Find3M ====================

2010-02-13 02:21:31 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-13 02:21:27 51200 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-11 03:12:10 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-09 19:48:59 51200 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-09 19:44:43 2164 ----a-w- c:\docume~1\ericah~1\applic~1\install.dat
2009-12-23 00:42:51 77824 ----a-w- c:\windows\setpwr32.exe
2009-12-23 00:41:17 4909 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1010.mrk
2009-12-22 23:17:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 23:16:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 18:31:28.12 ===============


Here's the other one.



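The log above shows the global NameServer setting and both interface entries pointing at the same two statically configured resolvers outside the user's own network. In a search-redirect case that is the first thing to check, because a machine whose DNS has been repointed will resolve perfectly legitimate names to whatever the rogue resolver answers, which is exactly the "click the link, land somewhere else" behaviour described in the first post. As an added example, not part of this thread and not code from DDS, the Python below parses the TCP: lines of a DDS pseudo-HJT report and labels each resolver as private, public, or inside one of the rogue-resolver ranges from the FBI/DCWG DNSChanger advisory. Assumptions: the line format is taken from this log only, the sample input reuses the log's TCP: lines plus one constructed private-resolver line for contrast, and the range list is reproduced from memory and should be verified against the advisory before anyone relies on it.

```python
import ipaddress
import re

# Constructed sample input: the TCP: lines exactly as they appear in the DDS log
# posted above, plus one made-up interface line with a private (router) resolver
# so the classifier has a benign case to show.
SAMPLE_DDS = """\
uStart Page = hxxp://yahoo.com/
TCP: NameServer = 93.188.162.211,93.188.161.45
TCP: {BD62BFE7-E5F4-45A8-877C-5964DDE961A8} = 93.188.162.211,93.188.161.45
TCP: {F8863CB6-5239-4A78-9B6F-CDD5D6B2AFAE} = 93.188.162.211,93.188.161.45
TCP: {00000000-0000-0000-0000-000000000000} = 192.168.1.1
Notify: igdlogin - igdlogin.dll
"""

# Rogue resolver ranges from the FBI / DCWG DNSChanger advisory, reproduced from
# memory (assumption: verify against the advisory before relying on this list).
ROGUE_RANGES = [ipaddress.ip_network(c) for c in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# Assumed line shape, taken from this log only: "TCP: NameServer = a,b" for the
# global setting and "TCP: {GUID} = a,b" for a per-interface setting.
TCP_LINE = re.compile(
    r"^TCP:\s+(?P<key>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<servers>[0-9.,\s]+)$"
)


def parse_nameservers(log_text):
    """Return {key: [IPv4Address, ...]} for every TCP: line in a DDS report."""
    found = {}
    for raw in log_text.splitlines():
        m = TCP_LINE.match(raw.strip())
        if not m:
            continue
        ips = []
        # DDS separates resolvers with commas; tolerate whitespace as well.
        for tok in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                ips.append(ipaddress.ip_address(tok))
            except ValueError:
                # Skip stray tokens instead of aborting the whole parse.
                continue
        found[m.group("key")] = ips
    return found


def classify(ip):
    """Label a resolver: inside a published rogue range, RFC 1918 private, or public."""
    if any(ip in net for net in ROGUE_RANGES):
        return "known-rogue"
    if ip.is_private:
        return "private"
    return "public"


def assess(log_text):
    """Return (key, ip, label) triples for every configured resolver."""
    return [
        (key, str(ip), classify(ip))
        for key, ips in parse_nameservers(log_text).items()
        for ip in ips
    ]


def verdict(findings):
    """'rogue-dns' if any resolver is in a published rogue range, 'review' if a
    statically set public resolver is present (not wrong by itself, but worth a
    look on a home machine that should get DNS from its router), else 'clean'."""
    labels = {label for _, _, label in findings}
    if "known-rogue" in labels:
        return "rogue-dns"
    if "public" in labels:
        return "review"
    return "clean"


if __name__ == "__main__":
    results = assess(SAMPLE_DDS)
    for key, ip, label in results:
        print(f"{key:40} {ip:16} {label}")
    print("verdict:", verdict(results))
```

On the sample the global entry and both real interface entries come back as known-rogue and the constructed 192.168.1.1 entry as private, so the overall verdict is rogue-dns. The range check is only one signal: a statically set resolver that is merely public still deserves a question ("who set this?") on a laptop that should be getting DNS from its router by DHCP, which is why the verdict distinguishes review from clean.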

#3
February 12, 2010 at 18:48:44
You posted the same log twice, please post the other log.

Remember..your McAfee antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#4
February 12, 2010 at 18:51:34

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 1/9/2010 9:46:37 AM
System Uptime: 2/12/2010 6:20:54 PM (0 hours ago)

Motherboard: Dell Inc. | | 0R990K
Processor: Intel(R) Atom(TM) CPU Z520 @ 1.33GHz | U3E1 | 1330/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 139 GiB total, 128.36 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 1/9/2010 9:46:43 AM - System Checkpoint
RP2: 1/9/2010 9:58:50 AM - Software Distribution Service 3.0
RP3: 1/9/2010 10:10:56 AM - Software Distribution Service 3.0
RP4: 1/9/2010 11:55:06 AM - Removed LoJack Factory Installer
RP5: 1/9/2010 6:49:09 PM - Software Distribution Service 3.0
RP6: 1/9/2010 6:55:22 PM - Software Distribution Service 3.0
RP7: 1/9/2010 11:31:30 PM - Software Distribution Service 3.0
RP8: 1/10/2010 12:07:56 PM - Software Distribution Service 3.0
RP9: 1/12/2010 10:11:10 PM - Software Distribution Service 3.0
RP10: 1/14/2010 9:21:22 PM - System Checkpoint
RP11: 1/19/2010 9:29:16 PM - Software Distribution Service 3.0
RP12: 1/21/2010 5:16:42 PM - System Checkpoint
RP13: 1/22/2010 2:09:35 PM - Software Distribution Service 3.0
RP14: 1/26/2010 8:13:20 PM - System Checkpoint
RP15: 1/28/2010 6:21:17 PM - System Checkpoint
RP16: 1/29/2010 9:01:38 PM - System Checkpoint
RP17: 1/31/2010 9:38:15 PM - System Checkpoint
RP18: 2/2/2010 9:00:26 PM - System Checkpoint
RP19: 2/8/2010 3:24:46 PM - Installed SUPERAntiSpyware Free Edition
RP20: 2/12/2010 6:25:28 PM - Removed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Advanced Audio FX Engine
Battery Meter
CapsLKNotify
CyberLink PowerDVD 8.0 SE
Dell Dock
Dell Media Experience
Dell Support Center (Support Software)
Dell System Restore
Dell Webcam Central
Dell Wireless WLAN Card Utility
EMSC
ETDWare PS/2-x86 7.0.4.9_WHQL
Function Keys
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Integrated Webcam Driver (1.01.01.0116)
Java(TM) 6 Update 16
Junk Mail filter update
Korean Language Support
Live! Cam Avatar Creator
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Multi-Touch Gestures Demo
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Segoe UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
WSED
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/8/2010 9:23:15 PM, error: PSched [14103] - QoS [Adapter {BD62BFE7-E5F4-45A8-877C-5964DDE961A8}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/8/2010 2:36:50 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/8/2010 2:36:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/12/2010 6:25:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/12/2010 6:11:19 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
2/10/2010 6:14:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
2/10/2010 6:14:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.

==== End Of File ===========================



#5
February 12, 2010 at 19:30:15
ComboFix 10-02-12.01 - Erica Hong 02/12/2010 19:16:33.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.446 [GMT -8:00]
Running from: c:\documents and settings\Erica Hong\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Erica Hong\Application Data\install.dat
c:\windows\system32\config\system~1\applic~1\install.dat
c:\windows\system32\config\systemprofile\Application Data\install.dat
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 03:59 . 2010-02-12 03:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-08 23:25 . 2010-02-08 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Malwarebytes
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 02:43 . 2010-02-06 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-02-06 01:49 . 2010-02-06 01:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-02-06 01:47 . 2010-02-06 01:47 -------- d-----w- c:\windows\Sun
2010-01-31 21:19 . 2005-06-06 18:29 110592 ----a-w- c:\documents and settings\Erica Hong\Application Data\U3\temp\cleanup.exe
2010-01-31 20:22 . 2010-01-31 21:19 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\U3
2010-01-23 02:58 . 1994-11-18 09:00 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2010-01-23 02:35 . 2010-02-11 02:17 -------- d-----w- c:\program files\IrfanView
2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Reallusion
2010-01-21 21:45 . 2010-01-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-01-21 21:40 . 2010-01-21 21:40 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Creative
2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\documents and settings\Erica Hong\Local Settings\Application Data\Windows Live Writer
2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Live Writer
2010-01-20 03:48 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 02:21 . 2010-01-11 03:11 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-13 02:21 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.dll
2010-02-08 17:18 . 2010-01-09 17:47 50552 ----a-w- c:\documents and settings\Erica Hong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 00:44 . 2009-12-22 23:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 23:53 . 2009-12-22 23:42 -------- d-----w- c:\program files\McAfee
2010-01-11 03:12 . 2010-01-11 03:12 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-10 20:13 . 2009-12-22 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-10 07:35 . 2009-12-22 23:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-09 22:10 . 2009-12-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-09 19:55 . 2009-12-22 23:27 -------- d-----w- c:\program files\LFLInstall
2010-01-09 19:48 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-09 19:48 . 2010-01-09 19:47 10892320 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\setup.exe
2010-01-09 19:46 . 2010-01-09 19:44 11152896 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\LoJackInstaller.exe
2010-01-09 19:44 . 2010-01-09 19:44 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Absolute
2010-01-09 18:41 . 2009-12-22 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-01-09 17:54 . 2010-01-09 17:54 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Search
2010-01-09 17:48 . 2010-01-09 17:48 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Dell
2009-12-23 00:42 . 2009-12-23 00:42 77824 ----a-w- c:\windows\setpwr32.exe
2009-12-23 00:41 . 2009-12-23 00:41 4909 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1010.mrk
2009-12-22 23:40 . 2009-12-22 23:20 -------- d-----w- c:\program files\Dell
2009-12-22 23:39 . 2009-12-22 23:36 -------- d-----w- c:\program files\Windows Live
2009-12-22 23:39 . 2009-12-22 23:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-22 23:38 . 2009-12-22 23:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-22 23:37 . 2009-12-22 23:37 -------- d-----w- c:\program files\Microsoft
2009-12-22 23:36 . 2009-12-22 23:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-22 23:33 . 2009-12-22 23:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-22 23:33 . 2009-12-22 23:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:33 . 2009-12-22 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-22 23:33 . 2009-12-22 23:16 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-22 23:33 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\PowerCinema
2009-12-22 23:33 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PowerCinema
2009-12-22 23:31 . 2009-12-22 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-12-22 23:31 . 2009-12-22 23:31 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-12-22 23:31 . 2009-12-22 23:31 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-12-22 23:28 . 2009-12-22 23:28 75 --sh--r- c:\windows\CT4CET.bin
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Common Files\Reallusion
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Dell Webcam
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Creative
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Creative Live! Cam
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\program files\Dell Support Center
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\program files\Common Files\supportsoft
2009-12-22 23:25 . 2009-12-22 23:25 -------- d-----w- c:\program files\Microsoft.NET
2009-12-22 23:22 . 2009-12-22 23:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 23:22 . 2009-12-22 23:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 23:21 . 2009-12-23 04:56 -------- d-----w- c:\program files\Elantech
2009-12-22 23:21 . 2009-12-22 23:21 -------- d-----w- c:\program files\CapsLKNotify
2009-12-22 23:20 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\InstallShield
2009-12-22 23:20 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-12-22 23:20 . 2009-12-22 23:20 -------- d-----w- c:\program files\CyberLink
2009-12-22 23:20 . 2009-12-22 23:20 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CBC1172F-1253-4844-A50C-B8C9981FE962}\PostBuild.exe
2009-12-22 23:20 . 2009-12-22 23:20 -------- d-----w- c:\program files\Function Keys
2009-12-22 23:19 . 2009-12-22 23:19 -------- d-----w- c:\program files\Battery Meter
2009-12-22 23:18 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\XP32
2009-12-22 23:17 . 2009-12-22 23:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Win764
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Win732
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Vista64
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Vista32
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\program files\WSED
2009-12-22 23:16 . 2009-12-22 23:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 23:16 . 2009-12-22 23:16 -------- d-----w- c:\program files\Java
2009-12-22 23:16 . 2009-12-22 23:15 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-22 23:15 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Desktop Search
2009-12-22 23:15 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2009-12-22 23:14 . 2009-12-22 23:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-22 23:11 . 2009-12-22 23:11 -------- d-----w- c:\program files\MSXML 4.0
2009-12-22 23:03 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 19:14 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2008-04-25 20:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-26 488960]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-30 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-03-18 320808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

c:\documents and settings\Erica Hong\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-25 07:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [12/22/2009 3:17 PM 14248]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 8:11 AM 155648]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/22/2009 3:28 PM 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [12/22/2009 4:42 PM 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [12/22/2009 4:42 PM 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/22/2009 4:42 PM 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [12/22/2009 4:42 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [12/22/2009 4:42 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [12/22/2009 4:42 PM 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [12/22/2009 4:41 PM 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2009 4:41 PM 1684736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT
*Deregistered* - SASENUM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {BD62BFE7-E5F4-45A8-877C-5964DDE961A8} = 93.188.162.211,93.188.161.45
TCP: {F8863CB6-5239-4A78-9B6F-CDD5D6B2AFAE} = 93.188.162.211,93.188.161.45
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-12 19:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\ERICAH~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x865618C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7601f28
\Driver\ACPI -> ACPI.sys @ 0xf7494cb8
\Driver\atapi -> atapi.sys @ 0xf744fb3a
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Dell Wireless 1397 WLAN Mini-Card -> SendCompleteHandler -> NDIS.sys @ 0xf7358bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7365a21
SendHandler -> NDIS.sys @ 0xf734387b
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-02-12 19:27:49
ComboFix-quarantined-files.txt 2010-02-13 03:27

Pre-Run: 137,761,370,112 bytes free
Post-Run: 137,731,534,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7E4BE3C888A5AEF922517F1297D16065



#6
February 12, 2010 at 20:09:09
Download TDSSKiller to your Desktop from the following link.

TDSSKiller


1. Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop. It will extract to an unzipped folder; drag TDSSKiller.exe out of that folder onto the desktop.
2. Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v


3. If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
4. When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.



#7
February 13, 2010 at 09:00:06
08:55:58:171 3524 TDSS rootkit removing tool 2.2.3 Feb 4 2010 14:34:00
08:55:58:171 3524 ================================================================================
08:55:58:171 3524 SystemInfo:

08:55:58:171 3524 OS Version: 5.1.2600 ServicePack: 3.0
08:55:58:171 3524 Product type: Workstation
08:55:58:171 3524 ComputerName: PIGNINJA
08:55:58:171 3524 UserName: Erica Hong
08:55:58:171 3524 Windows directory: C:\WINDOWS
08:55:58:171 3524 Processor architecture: Intel x86
08:55:58:171 3524 Number of processors: 2
08:55:58:171 3524 Page size: 0x1000
08:55:58:187 3524 Boot type: Normal boot
08:55:58:187 3524 ================================================================================
08:55:58:187 3524 UnloadDriverW: NtUnloadDriver error 2
08:55:58:203 3524 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
08:55:58:203 3524 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:55:58:609 3524 UtilityInit: KLMD drop and load success
08:55:58:609 3524 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
08:55:58:609 3524 UtilityInit: KLMD open success
08:55:58:609 3524 UtilityInit: Initialize success
08:55:58:609 3524
08:55:58:609 3524 Scanning Services ...
08:55:58:609 3524 CreateRegParser: Registry parser init started
08:55:58:609 3524 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
08:55:58:609 3524 CreateRegParser: DisableWow64Redirection error
08:55:58:609 3524 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
08:55:58:609 3524 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
08:55:58:609 3524 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:55:58:609 3524 wfopen_ex: Trying to KLMD file open
08:55:58:609 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
08:55:58:609 3524 wfopen_ex: File opened ok (Flags 2)
08:55:58:609 3524 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 394B80
08:55:58:609 3524 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
08:55:58:609 3524 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
08:55:58:609 3524 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
08:55:58:609 3524 wfopen_ex: Trying to KLMD file open
08:55:58:609 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
08:55:58:609 3524 wfopen_ex: File opened ok (Flags 2)
08:55:58:625 3524 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 394C28
08:55:58:625 3524 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
08:55:58:625 3524 CreateRegParser: EnableWow64Redirection error
08:55:58:625 3524 CreateRegParser: RegParser init completed
08:55:59:125 3524 GetAdvancedServicesInfo: Raw services enum returned 353 services
08:55:59:140 3524 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
08:55:59:140 3524 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
08:55:59:140 3524
08:55:59:140 3524 Scanning Kernel memory ...
08:55:59:156 3524 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
08:55:59:156 3524 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8651DA08
08:55:59:156 3524 DetectCureTDL3: KLMD_GetDeviceObjectList returned 4 DevObjects
08:55:59:156 3524
08:55:59:156 3524 DetectCureTDL3: DEVICE_OBJECT: 86586030
08:55:59:156 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86586030
08:55:59:156 3524 KLMD_ReadMem: Trying to ReadMemory 0x86586030[0x38]
08:55:59:156 3524 DetectCureTDL3: DRIVER_OBJECT: 8651DA08
08:55:59:156 3524 KLMD_ReadMem: Trying to ReadMemory 0x8651DA08[0xA8]
08:55:59:156 3524 KLMD_ReadMem: Trying to ReadMemory 0xE1023FE0[0x18]
08:55:59:156 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:55:59:156 3524 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
08:55:59:156 3524 DetectCureTDL3: IrpHandler (1) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
08:55:59:156 3524 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
08:55:59:156 3524 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
08:55:59:156 3524 DetectCureTDL3: IrpHandler (5) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (6) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (7) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (8) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
08:55:59:156 3524 DetectCureTDL3: IrpHandler (10) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (11) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (12) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (13) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
08:55:59:156 3524 DetectCureTDL3: IrpHandler (15) addr: F7601F28
08:55:59:156 3524 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
08:55:59:156 3524 DetectCureTDL3: IrpHandler (17) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (18) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (19) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (20) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (21) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
08:55:59:156 3524 DetectCureTDL3: IrpHandler (23) addr: F760499E
08:55:59:156 3524 DetectCureTDL3: IrpHandler (24) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (25) addr: 804F4562
08:55:59:156 3524 DetectCureTDL3: IrpHandler (26) addr: 804F4562
08:55:59:156 3524 TDL3_FileDetect: Processing driver: Disk
08:55:59:156 3524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:156 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:203 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:55:59:203 3524
08:55:59:203 3524 DetectCureTDL3: DEVICE_OBJECT: 8654EC68
08:55:59:203 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8654EC68
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0x8654EC68[0x38]
08:55:59:203 3524 DetectCureTDL3: DRIVER_OBJECT: 8651DA08
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0x8651DA08[0xA8]
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0xE1023FE0[0x18]
08:55:59:203 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:55:59:203 3524 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
08:55:59:203 3524 DetectCureTDL3: IrpHandler (1) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
08:55:59:203 3524 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
08:55:59:203 3524 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
08:55:59:203 3524 DetectCureTDL3: IrpHandler (5) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (6) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (7) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (8) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
08:55:59:203 3524 DetectCureTDL3: IrpHandler (10) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (11) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (12) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (13) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
08:55:59:203 3524 DetectCureTDL3: IrpHandler (15) addr: F7601F28
08:55:59:203 3524 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
08:55:59:203 3524 DetectCureTDL3: IrpHandler (17) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (18) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (19) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (20) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (21) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
08:55:59:203 3524 DetectCureTDL3: IrpHandler (23) addr: F760499E
08:55:59:203 3524 DetectCureTDL3: IrpHandler (24) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (25) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (26) addr: 804F4562
08:55:59:203 3524 TDL3_FileDetect: Processing driver: Disk
08:55:59:203 3524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:203 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:203 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:55:59:203 3524
08:55:59:203 3524 DetectCureTDL3: DEVICE_OBJECT: 86588C68
08:55:59:203 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86588C68
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0x86588C68[0x38]
08:55:59:203 3524 DetectCureTDL3: DRIVER_OBJECT: 8651DA08
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0x8651DA08[0xA8]
08:55:59:203 3524 KLMD_ReadMem: Trying to ReadMemory 0xE1023FE0[0x18]
08:55:59:203 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:55:59:203 3524 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
08:55:59:203 3524 DetectCureTDL3: IrpHandler (1) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
08:55:59:203 3524 DetectCureTDL3: IrpHandler (3) addr: F75FDD1F
08:55:59:203 3524 DetectCureTDL3: IrpHandler (4) addr: F75FDD1F
08:55:59:203 3524 DetectCureTDL3: IrpHandler (5) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (6) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (7) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (8) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (9) addr: F75FE2E2
08:55:59:203 3524 DetectCureTDL3: IrpHandler (10) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (11) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (12) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (13) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (14) addr: F75FE3BB
08:55:59:203 3524 DetectCureTDL3: IrpHandler (15) addr: F7601F28
08:55:59:203 3524 DetectCureTDL3: IrpHandler (16) addr: F75FE2E2
08:55:59:203 3524 DetectCureTDL3: IrpHandler (17) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (18) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (19) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (20) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (21) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (22) addr: F75FFC82
08:55:59:203 3524 DetectCureTDL3: IrpHandler (23) addr: F760499E
08:55:59:203 3524 DetectCureTDL3: IrpHandler (24) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (25) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (26) addr: 804F4562
08:55:59:203 3524 TDL3_FileDetect: Processing driver: Disk
08:55:59:203 3524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:203 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
08:55:59:218 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:55:59:218 3524
08:55:59:218 3524 DetectCureTDL3: DEVICE_OBJECT: 86589AB8
08:55:59:218 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86589AB8
08:55:59:218 3524 DetectCureTDL3: DEVICE_OBJECT: 86552520
08:55:59:218 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86552520
08:55:59:218 3524 DetectCureTDL3: DEVICE_OBJECT: 86571D98
08:55:59:218 3524 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86571D98
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0x86571D98[0x38]
08:55:59:218 3524 DetectCureTDL3: DRIVER_OBJECT: 86552A90
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0x86552A90[0xA8]
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0xE156EA40[0x1A]
08:55:59:218 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:55:59:218 3524 DetectCureTDL3: IrpHandler (0) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (1) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (2) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (3) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (4) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (5) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (6) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (7) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (8) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (9) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (10) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (11) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (12) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (13) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (14) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (15) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (16) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (17) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (18) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (19) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (20) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (21) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (22) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (23) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (24) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (25) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (26) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: All IRP handlers pointed to one addr: F744FB3A
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0xF744FB3A[0x400]
08:55:59:218 3524 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0x865720B4[0x4]
08:55:59:218 3524 TDL3_IrpHookDetect: New IrpHandler addr: 865808C8
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0x865808C8[0x400]
08:55:59:218 3524 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
08:55:59:218 3524 Driver "atapi" Irp handler infected by TDSS rootkit ... 08:55:59:218 3524 KLMD_WriteMem: Trying to WriteMemory 0x8658094E[0xD]
08:55:59:218 3524 cured
08:55:59:218 3524 KLMD_ReadMem: Trying to ReadMemory 0xF744D864[0x400]
08:55:59:218 3524 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
08:55:59:218 3524 TDL3_FileDetect: Processing driver: atapi
08:55:59:218 3524 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
08:55:59:218 3524 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
08:55:59:234 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
08:55:59:234 3524 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 08:55:59:234 3524 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
08:55:59:234 3524 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
08:55:59:250 3524 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
08:55:59:406 3524 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
08:55:59:484 3524 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..
08:55:59:843 3524 CabinetCallback: File extracted successfully: C:\DOCUME~1\ERICAH~1\LOCALS~1\Temp\bck49.tmp
08:55:59:843 3524 ValidateDriverFile: Stage 1 passed
08:55:59:843 3524 ValidateDriverFile: Stage 2 passed
08:56:00:109 3524 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
08:56:01:687 3524 DigitalSignVerifyByHandle: Cat DS result: 00000000
08:56:01:687 3524 ValidateDriverFile: Stage 3 passed
08:56:01:687 3524 CabinetCallback: File validated successfully, restore information prepared
08:56:01:687 3524 FindDriverFileBackup: Backup copy found in cab-file
08:56:01:703 3524 TDL3_FileCure: Backup copy found, using it..
08:56:01:703 3524 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk4A.tmp
08:56:01:765 3524 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk4A.tmp, system32\drivers\atapi.sys)
08:56:01:765 3524 TDL3_FileCure: KLMD jobs schedule success
08:56:01:765 3524 will be cured on next reboot
08:56:01:765 3524 UtilityBootReinit: Reboot required for cure complete..
08:56:01:765 3524 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
08:56:02:125 3524 UtilityBootReinit: KLMD drop success
08:56:02:125 3524 KLMD_ApplyPendList: Pending buffer(1DFF_5BEA, 608) dropped successfully
08:56:02:125 3524 UtilityBootReinit: Cure on reboot scheduled successfully
08:56:02:125 3524
08:56:02:125 3524 Completed
08:56:02:125 3524
08:56:02:125 3524 Results:
08:56:02:125 3524 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
08:56:02:125 3524 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:56:02:125 3524 File objects infected / cured / cured on reboot: 1 / 0 / 1
08:56:02:125 3524
08:56:02:125 3524 UnloadDriverW: NtUnloadDriver error 1
08:56:02:125 3524 KLMD_Unload: UnloadDriverW(klmd21) error 1
08:56:02:140 3524 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
08:56:02:140 3524 UtilityDeinit: KLMD(ARK) unloaded successfully


Report •
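The TDSSKiller log above shows the heuristic the tool applies before it looks for the TDL3 stub: Disk's 27 IRP dispatch entries mix several addresses and its file is judged clean, while every one of atapi's entries resolves to F744FB3A, after which the tool resolves the real hook target (865808C8) and marks atapi.sys infected. As an added example, not part of this thread or of TDSSKiller itself, the Python below parses that log format, re-applies the uniform-dispatch check per driver, and pulls out verdicts, hook targets and the reboot status; the embedded log is a constructed excerpt of the lines posted above, trimmed to three handlers per driver.

```python
import re
from collections import OrderedDict

# Constructed excerpt in the TDSSKiller log format posted above. The real log
# lists 27 IrpHandler entries per driver; three are kept here for each driver.
SAMPLE_LOG = r"""
08:55:59:203 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
08:55:59:203 3524 DetectCureTDL3: IrpHandler (0) addr: F7603BB0
08:55:59:203 3524 DetectCureTDL3: IrpHandler (1) addr: 804F4562
08:55:59:203 3524 DetectCureTDL3: IrpHandler (2) addr: F7603BB0
08:55:59:203 3524 TDL3_FileDetect: Processing driver: Disk
08:55:59:203 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
08:55:59:218 3524 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
08:55:59:218 3524 DetectCureTDL3: IrpHandler (0) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (1) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: IrpHandler (2) addr: F744FB3A
08:55:59:218 3524 DetectCureTDL3: All IRP handlers pointed to one addr: F744FB3A
08:55:59:218 3524 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
08:55:59:218 3524 TDL3_IrpHookDetect: New IrpHandler addr: 865808C8
08:55:59:218 3524 TDL3_FileDetect: Processing driver: atapi
08:55:59:234 3524 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
08:56:02:125 3524 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
08:56:02:125 3524 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:56:02:125 3524 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# One pattern per log line type we care about; everything else is ignored.
DRIVER_RE = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: (\S+), Driver Name: (\S+)")
HANDLER_RE = re.compile(r"DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
HOOK_RE = re.compile(r"TDL3_IrpHookDetect: New IrpHandler addr: ([0-9A-Fa-f]+)")
VERDICT_RE = re.compile(r"TDL3_FileDetect: (\S+) - Verdict: (\w+)")
RESULT_RE = re.compile(
    r"(Memory|Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")


def parse_tdsskiller(text):
    """Return (drivers, results) from TDSSKiller log text.

    drivers: OrderedDict name -> {"object", "handlers", "hook_target", "file", "verdict"},
             in the order the tool walked the device stack.
    results: dict category -> {"infected", "cured", "cured_on_reboot"}.
    """
    drivers, results, current = OrderedDict(), {}, None
    for line in text.splitlines():
        m = DRIVER_RE.search(line)
        if m:
            # A DRIVER_OBJECT line opens a new per-driver block.
            current = m.group(2)
            drivers[current] = {"object": m.group(1), "handlers": [],
                                "hook_target": None, "file": None, "verdict": None}
            continue
        m = HANDLER_RE.search(line)
        if m and current:
            # Handler index is preserved by list order; addresses normalised to upper case.
            drivers[current]["handlers"].append(m.group(2).upper())
            continue
        m = HOOK_RE.search(line)
        if m and current:
            # Address the tool resolved the stub to, i.e. where dispatch really goes.
            drivers[current]["hook_target"] = m.group(1).upper()
            continue
        m = VERDICT_RE.search(line)
        if m and current:
            drivers[current]["file"], drivers[current]["verdict"] = m.group(1), m.group(2)
            continue
        m = RESULT_RE.search(line)
        if m:
            results[m.group(1)] = {"infected": int(m.group(2)), "cured": int(m.group(3)),
                                   "cured_on_reboot": int(m.group(4))}
    return drivers, results


def uniform_dispatch(drivers, min_handlers=2):
    """Re-apply the check the log reports as 'All IRP handlers pointed to one addr'.

    Returns {driver: addr} for every driver whose recorded handler addresses are all
    identical. Disk above mixes several addresses and is therefore not flagged.
    """
    return {name: info["handlers"][0]
            for name, info in drivers.items()
            if len(info["handlers"]) >= min_handlers and len(set(info["handlers"])) == 1}


def triage(text):
    """Condense a log into the facts a responder acts on."""
    drivers, results = parse_tdsskiller(text)
    return {
        "flagged": uniform_dispatch(drivers),
        "hook_targets": {n: d["hook_target"] for n, d in drivers.items() if d["hook_target"]},
        "infected_files": [d["file"] for d in drivers.values() if d["verdict"] == "Infected"],
        # A non-zero 'cured on reboot' count means the fix is not in effect yet.
        "reboot_required": any(r["cured_on_reboot"] > 0 for r in results.values()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```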

#8
February 13, 2010 at 09:41:26
I tried the ESET scan, and as I click the "Yes, I agree" box it just takes me to a blank blue page..

Report •

#9
February 13, 2010 at 12:17:00
Looks like that killed the baddie. Is the computer still being redirected?

A little clean-up to do.

Delete TDSSkiller and DDS from your desktop.

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix), then press Enter > Run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next, create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration Utility > restart the computer.

You should consider adding SpywareBlaster to your arsenal of antispyware tools; you can download it from this link: SpywareBlaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

And let me know how the computer is operating.


Report •

#10
February 13, 2010 at 16:00:11
I think I am going to cry. It keeps redirecting me.

Okay, so after you said to restart your computer in response 9, I did. Then this blue screen came up and it was like some error occurred, something like "IRQL is unequal" or something like that. So I restarted my computer and it came up again. So I read it and it said to delete any new installations. So I went into safe mode and deleted ATF Cleaner and restarted. Then it popped up again, so, getting fed up, on the black screen it was like open Windows normally or from the last good open, so I clicked the last good open. And here I am now being redirected, aha.

Please help me :]


Report •

#11
February 13, 2010 at 16:39:56
Please run Combofix again following all the directions in response #3 and post its log.

Report •

#12
February 13, 2010 at 21:50:16
ComboFix 10-02-12.01 - Erica Hong 02/13/2010 19:04:53.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.457 [GMT -8:00]
Running from: c:\documents and settings\Erica Hong\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-13 16:56 . 2010-02-13 16:56 31752 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-02-12 03:59 . 2010-02-12 03:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-08 23:25 . 2010-02-08 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Malwarebytes
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 02:43 . 2010-02-06 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-02-06 01:49 . 2010-02-06 01:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-02-06 01:47 . 2010-02-06 01:47 -------- d-----w- c:\windows\Sun
2010-01-31 21:19 . 2005-06-06 18:29 110592 ----a-w- c:\documents and settings\Erica Hong\Application Data\U3\temp\cleanup.exe
2010-01-31 20:22 . 2010-01-31 21:19 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\U3
2010-01-23 02:58 . 1994-11-18 09:00 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL
2010-01-23 02:35 . 2010-02-11 02:17 -------- d-----w- c:\program files\IrfanView
2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Reallusion
2010-01-21 21:45 . 2010-01-21 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-01-21 21:40 . 2010-01-21 21:40 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Creative
2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\documents and settings\Erica Hong\Local Settings\Application Data\Windows Live Writer
2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Live Writer
2010-01-20 03:48 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 23:46 . 2010-01-11 03:11 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-13 23:46 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.dll
2010-02-13 23:37 . 2010-01-11 03:12 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-02-13 16:56 . 2010-02-13 16:56 96512 ----a-w- c:\windows\system32\drivers\tsk4A.tmp
2010-02-08 17:18 . 2010-01-09 17:47 50552 ----a-w- c:\documents and settings\Erica Hong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 00:44 . 2009-12-22 23:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 23:53 . 2009-12-22 23:42 -------- d-----w- c:\program files\McAfee
2010-01-10 20:13 . 2009-12-22 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-10 07:35 . 2009-12-22 23:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-09 22:10 . 2009-12-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-09 19:55 . 2009-12-22 23:27 -------- d-----w- c:\program files\LFLInstall
2010-01-09 19:48 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-09 19:48 . 2010-01-09 19:47 10892320 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\setup.exe
2010-01-09 19:46 . 2010-01-09 19:44 11152896 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\LoJackInstaller.exe
2010-01-09 19:44 . 2010-01-09 19:44 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Absolute
2010-01-09 18:41 . 2009-12-22 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-01-09 17:54 . 2010-01-09 17:54 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Search
2010-01-09 17:48 . 2010-01-09 17:48 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Dell
2009-12-23 00:42 . 2009-12-23 00:42 77824 ----a-w- c:\windows\setpwr32.exe
2009-12-23 00:41 . 2009-12-23 00:41 4909 ----a-w- c:\windows\system32\drivers\1028_Dell_INS_1010.mrk
2009-12-22 23:40 . 2009-12-22 23:20 -------- d-----w- c:\program files\Dell
2009-12-22 23:39 . 2009-12-22 23:36 -------- d-----w- c:\program files\Windows Live
2009-12-22 23:39 . 2009-12-22 23:39 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-22 23:38 . 2009-12-22 23:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-12-22 23:37 . 2009-12-22 23:37 -------- d-----w- c:\program files\Microsoft
2009-12-22 23:36 . 2009-12-22 23:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-22 23:33 . 2009-12-22 23:33 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-22 23:33 . 2009-12-22 23:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 23:33 . 2009-12-22 23:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-22 23:33 . 2009-12-22 23:16 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-22 23:33 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\PowerCinema
2009-12-22 23:33 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\PowerCinema
2009-12-22 23:31 . 2009-12-22 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp
2009-12-22 23:31 . 2009-12-22 23:31 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-12-22 23:31 . 2009-12-22 23:31 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-12-22 23:28 . 2009-12-22 23:28 75 --sh--r- c:\windows\CT4CET.bin
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Common Files\Reallusion
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Dell Webcam
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Creative
2009-12-22 23:28 . 2009-12-22 23:28 -------- d-----w- c:\program files\Creative Live! Cam
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\program files\Dell Support Center
2009-12-22 23:27 . 2009-12-22 23:27 -------- d-----w- c:\program files\Common Files\supportsoft
2009-12-22 23:25 . 2009-12-22 23:25 -------- d-----w- c:\program files\Microsoft.NET
2009-12-22 23:22 . 2009-12-22 23:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-22 23:22 . 2009-12-22 23:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-22 23:21 . 2009-12-23 04:56 -------- d-----w- c:\program files\Elantech
2009-12-22 23:21 . 2009-12-22 23:21 -------- d-----w- c:\program files\CapsLKNotify
2009-12-22 23:20 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\InstallShield
2009-12-22 23:20 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\InstallShield
2009-12-22 23:20 . 2009-12-22 23:20 -------- d-----w- c:\program files\CyberLink
2009-12-22 23:20 . 2009-12-22 23:20 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CBC1172F-1253-4844-A50C-B8C9981FE962}\PostBuild.exe
2009-12-22 23:20 . 2009-12-22 23:20 -------- d-----w- c:\program files\Function Keys
2009-12-22 23:19 . 2009-12-22 23:19 -------- d-----w- c:\program files\Battery Meter
2009-12-22 23:18 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\XP32
2009-12-22 23:17 . 2009-12-22 23:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Win764
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Win732
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Vista64
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Vista32
2009-12-22 23:17 . 2009-12-22 23:17 -------- d-----w- c:\program files\WSED
2009-12-22 23:16 . 2009-12-22 23:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 23:16 . 2009-12-22 23:16 -------- d-----w- c:\program files\Java
2009-12-22 23:16 . 2009-12-22 23:15 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-22 23:15 . 2010-01-09 17:47 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Desktop Search
2009-12-22 23:15 . 2010-01-09 17:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Windows Desktop Search
2009-12-22 23:14 . 2009-12-22 23:14 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-22 23:11 . 2009-12-22 23:11 -------- d-----w- c:\program files\MSXML 4.0
2009-12-22 23:03 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 19:14 . 2008-04-25 20:33 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2008-04-25 20:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-13_03.24.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-13 23:46 . 2010-02-13 23:46 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2010-01-09 17:41 . 2010-02-14 01:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-09 17:41 . 2010-02-13 01:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-09 17:41 . 2010-02-14 01:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-09 17:41 . 2010-02-13 01:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-13 16:53 . 2010-02-14 01:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-26 488960]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-30 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-03-18 320808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

c:\documents and settings\Erica Hong\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-25 07:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [12/22/2009 3:17 PM 14248]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 8:11 AM 155648]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/22/2009 3:28 PM 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [12/22/2009 4:42 PM 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [12/22/2009 4:42 PM 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/22/2009 4:42 PM 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [12/22/2009 4:42 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [12/22/2009 4:42 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [12/22/2009 4:42 PM 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [12/22/2009 4:41 PM 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2009 4:41 PM 1684736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {BD62BFE7-E5F4-45A8-877C-5964DDE961A8} = 93.188.162.211,93.188.161.45
TCP: {F8863CB6-5239-4A78-9B6F-CDD5D6B2AFAE} = 93.188.162.211,93.188.161.45
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 19:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x86D708C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7681f28
\Driver\ACPI -> ACPI.sys @ 0xf7514cb8
\Driver\atapi -> atapi.sys @ 0xf74cfb3a
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Dell Wireless 1397 WLAN Mini-Card -> SendCompleteHandler -> NDIS.sys @ 0xf73d8bb0
PacketIndicateHandler -> NDIS.sys @ 0xf73e5a21
SendHandler -> NDIS.sys @ 0xf73c387b
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\igdlogin.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(1628)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-13 19:16:52
ComboFix-quarantined-files.txt 2010-02-14 03:16
ComboFix2.txt 2010-02-13 04:34
ComboFix3.txt 2010-02-13 03:27

Pre-Run: 139,331,338,240 bytes free
Post-Run: 139,291,439,104 bytes free

- - End Of File - - 24884C7438253726C39EA1CD323D3690


Report •

#13
February 13, 2010 at 21:55:59
Ahh, and dear jabuck, I forgot to mention this earlier, but I really totally appreciate the help you're giving me. Thank you so much :]

Report •

#14
February 13, 2010 at 23:02:03
I'm having the same redirect issue and was wondering if you could help me as well. I downloaded dds.scr and ran it. Here are the reports:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lori at 1:55:18.35 on Sun 02/14/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.191 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Lori\AppData\Local\Temp\setuper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Windows\sttray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
C:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Users\Lori\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
uURLSearchHooks: Absolutist Games Toolbar: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - c:\program files\absolutist_games\tbAbso.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Absolutist Games Toolbar: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - c:\program files\absolutist_games\tbAbso.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! 工具列: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Absolutist Games Toolbar: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - c:\program files\absolutist_games\tbAbso.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=0
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\creata~1.lnk - c:\program files\creatacard\plus\fmrmd32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\program files\sierra\planner\Plnrnote.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\AGremind.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolba...
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\lori\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://help.bellsouth.net/sdccommon/download/tgctlcm.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll,c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\lori\appdata\roaming\mozilla\firefox\profiles\84kvrdmt.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\users\lori\appdata\roaming\mozilla\firefox\profiles\84kvrdmt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\ksolo\npAVX.dll
FF - plugin: c:\users\lori\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-13 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-13 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-13 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-4 285392]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-8-31 47640]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2008-6-29 28739]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-4-3 30192]

=============== Created Last 30 ================

2010-02-04 13:33:22 0 d--h--w- C:\$AVG
2010-02-04 13:32:24 0 d-----w- c:\programdata\avg9
2010-02-04 13:28:28 0 d-----w- c:\programdata\Temp
2010-02-03 20:12:58 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-02-03 15:12:27 0 d-----w- C:\PerfLogs
2010-01-29 03:25:18 102400 --sha-r- c:\windows\system32\mciwavek.dll
2010-01-22 01:36:05 0 d-----w- C:\[TWILIGHT]
2010-01-16 16:05:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 16:05:35 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-16 15:43:18 65536 --sha-w- c:\users\lori\ntuser.dat{a0d692e6-02b5-11df-b98a-00188b6b1ca4}.TM.blf
2010-01-16 15:43:18 524288 --sha-w- c:\users\lori\ntuser.dat{a0d692e6-02b5-11df-b98a-00188b6b1ca4}.TMContainer00000000000000000002.regtrans-ms
2010-01-16 15:43:18 524288 --sha-w- c:\users\lori\ntuser.dat{a0d692e6-02b5-11df-b98a-00188b6b1ca4}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-02-12 13:33:02 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-04 13:33:11 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-04 13:33:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-04 13:32:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-03 15:32:19 174 --sha-w- c:\program files\desktop.ini
2010-02-03 15:28:56 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-03 15:28:56 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-03 15:28:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-03 15:12:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-03 14:50:29 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-02-03 14:50:20 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 01:34:13 48 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-19 18:22:01 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-17 22:25:12 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-08 20:52:17 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-17 12:14:25 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-17 07:17:38 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-04-03 23:05:59 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:57:46.02 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/3/2007 11:11:11 AM
System Uptime: 2/12/2010 8:32:48 AM (41 hours ago)

Motherboard: Dell Inc | |
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket M2 | 1800/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 138.207 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.998 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Abrosoft FantaMorph 4.0
Absolutist Games Toolbar
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
American Greetings® CreataCard® 4
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
AT&T Yahoo! Messenger
AVG Free 9.0
BellSouth FastAccess DSL WEB Controls
bodybugg® Software
Bonjour
Bubble Shooter Premium
Calendar Creator 7.0
Cards_Calendar_OrderGift_DoMorePlugout
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Coupon Printer for Windows
CreataCard Plus 2
Dell Games
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Digital Line Detect
Documentation & Support Launcher
DVD Shrink 3.2
EarthLink Setup Files
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V200 Photo Scanner Driver Update
EPSON Perfection V200P User's Guide
EPSON Scan
EPSON Scan Assistant
Event Planner
Games, Music, & Photos Launcher
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hallmark Card Studio
Hallmark Card Studio 2005 Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential 2.5
HP Print Diagnostic Utility
HPPhotoSmartPhotobookWebPack1
ImgBurn
InstallMgr
Internet Service Offers Launcher
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 16
kSolo Recorder
LimeWire 5.1.2
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
LogMeIn
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 98
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Modem Diagnostic Tool
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6)
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
msxml4SP2
My Web Search (Webfetti)
NetWaiting
NVIDIA Drivers
Photo Organizer
PSSWCORE
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SigmaTel Audio
Skype web features
Skype™ 4.1
Sonic Activation Module
SureThing CD Labeler Deluxe 4 Trial
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
VideoToolkit01
Windows Live Messenger
Windows Live Sign-in Assistant
Yahoo! Browser Services
Yahoo! BrowserPlus
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Music Jukebox
Yahoo! 工具列

==== Event Viewer Messages From Past Week ========

2/7/2010 10:48:40 PM, Error: Service Control Manager [7000] - The Google Update Service service failed to start due to the following error: Access is denied.
2/12/2010 8:33:34 AM, Error: EventLog [6008] - The previous system shutdown at 7:14:32 AM on 2/12/2010 was unexpected.
2/11/2010 3:24:18 AM, Error: Service Control Manager [7000] - The Google Update Service service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================



#15
February 14, 2010 at 06:57:11
Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\drivers\tsk4A.tmp
c:\windows\setpwr32.exe

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "run".

Please post the log that is produced.

Next run TDSSkiller just as you did in response #6 and post that log.



#16
February 27, 2010 at 10:51:55
ComboFix 10-02-27.04 - Erica Hong 02/27/2010 10:32:33.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.466 [GMT -8:00]
Running from: c:\documents and settings\Erica Hong\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Erica Hong\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\setpwr32.exe"
"c:\windows\system32\drivers\tsk4A.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\setpwr32.exe
c:\windows\system32\drivers\tsk4A.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-16 06:56 . 2008-04-14 08:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-16 06:56 . 2008-04-14 08:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-02-13 16:56 . 2010-02-13 16:56 31752 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-02-12 03:59 . 2010-02-12 03:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-08 23:25 . 2010-02-08 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\SUPERAntiSpyware.com
2010-02-08 23:24 . 2010-02-13 02:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Malwarebytes
2010-02-07 06:15 . 2010-02-07 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-06 02:43 . 2010-02-06 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Musicnotes
2010-02-06 01:49 . 2010-02-06 01:49 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-02-06 01:47 . 2010-02-06 01:47 -------- d-----w- c:\windows\Sun
2010-01-31 21:19 . 2005-06-06 18:29 110592 ----a-w- c:\documents and settings\Erica Hong\Application Data\U3\temp\cleanup.exe
2010-01-31 20:22 . 2010-01-31 21:19 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 18:43 . 2010-01-11 03:11 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-27 18:43 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.dll
2010-02-13 23:37 . 2010-01-11 03:12 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2010-02-11 02:17 . 2010-01-23 02:35 -------- d-----w- c:\program files\IrfanView
2010-02-08 17:18 . 2010-01-09 17:47 50552 ----a-w- c:\documents and settings\Erica Hong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 21:51 . 2010-01-21 21:51 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Reallusion
2010-01-21 21:51 . 2010-01-21 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-01-21 21:40 . 2010-01-21 21:40 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Creative
2010-01-21 21:31 . 2010-01-21 21:31 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Live Writer
2010-01-21 00:44 . 2009-12-22 23:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-13 23:53 . 2009-12-22 23:42 -------- d-----w- c:\program files\McAfee
2010-01-10 20:13 . 2009-12-22 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-10 07:35 . 2009-12-22 23:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-09 22:10 . 2009-12-22 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-09 19:55 . 2009-12-22 23:27 -------- d-----w- c:\program files\LFLInstall
2010-01-09 19:48 . 2010-01-09 19:52 51200 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-09 19:48 . 2010-01-09 19:47 10892320 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\setup.exe
2010-01-09 19:46 . 2010-01-09 19:44 11152896 ----a-w- c:\documents and settings\Erica Hong\Application Data\Absolute\InstallManager\LoJackInstaller.exe
2010-01-09 19:44 . 2010-01-09 19:44 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Absolute
2010-01-09 18:41 . 2009-12-22 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-01-09 17:54 . 2010-01-09 17:54 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Windows Search
2010-01-09 17:48 . 2010-01-09 17:48 -------- d-----w- c:\documents and settings\Erica Hong\Application Data\Dell
2009-12-22 23:31 . 2009-12-22 23:31 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\PostBuild.exe
2009-12-22 23:31 . 2009-12-22 23:31 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2009-12-22 23:28 . 2009-12-22 23:28 75 --sh--r- c:\windows\CT4CET.bin
2009-12-22 23:20 . 2009-12-22 23:20 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{CBC1172F-1253-4844-A50C-B8C9981FE962}\PostBuild.exe
2009-12-22 23:16 . 2009-12-22 23:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-22 23:03 . 2008-04-26 01:45 77423 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-21 19:14 . 2008-04-25 20:33 916480 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-13_03.24.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-27 18:43 . 2010-02-27 18:43 16384 c:\windows\Temp\Perflib_Perfdata_6c4.dat
+ 2010-01-09 17:41 . 2010-02-27 18:03 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-09 17:41 . 2010-02-13 01:18 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-09 17:41 . 2010-02-27 18:03 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-01-09 17:41 . 2010-02-13 01:18 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-14 05:28 . 2010-02-27 18:03 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2010-01-09 17:41 . 2010-02-13 01:18 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-05-26 488960]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-30 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-06 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-06 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-07-06 96792]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-02-18 2441216]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-03-18 320808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PCMAgent"="c:\program files\Dell\Media Experience\PCMAgent.exe" [2008-12-11 148776]
"CLMLServer"="c:\program files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe" [2008-12-11 202024]
"PlayMovie"="c:\program files\Dell\PlayMovie\PMVService.exe" [2008-12-11 177384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

c:\documents and settings\Erica Hong\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-06-25 07:13 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [12/22/2009 3:17 PM 14248]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 8:11 AM 155648]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/22/2009 3:28 PM 143840]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [12/22/2009 4:42 PM 93952]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [12/22/2009 4:42 PM 5097632]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/22/2009 4:42 PM 110080]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [12/22/2009 4:42 PM 148056]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [12/22/2009 4:42 PM 133472]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [12/22/2009 4:42 PM 271328]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [12/22/2009 4:41 PM 157696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/22/2009 4:41 PM 1684736]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 10:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x86D068C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7641f28
\Driver\ACPI -> ACPI.sys @ 0xf74d4cb8
\Driver\atapi -> atapi.sys @ 0xf748fb3a
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Dell Wireless 1397 WLAN Mini-Card -> SendCompleteHandler -> NDIS.sys @ 0xf7398bb0
PacketIndicateHandler -> NDIS.sys @ 0xf73a5a21
SendHandler -> NDIS.sys @ 0xf738387b
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-02-27 10:49:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 18:49
ComboFix2.txt 2010-02-14 03:16
ComboFix3.txt 2010-02-13 04:34
ComboFix4.txt 2010-02-13 03:27

Pre-Run: 139,123,920,896 bytes free
Post-Run: 139,262,861,312 bytes free

- - End Of File - - 043C13A85F96D28602DC2BEBEFD6BC36

#17
February 27, 2010 at 10:59:09
10:56:40:562 3516 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
10:56:40:562 3516 ================================================================================
10:56:40:562 3516 SystemInfo:

10:56:40:562 3516 OS Version: 5.1.2600 ServicePack: 3.0
10:56:40:562 3516 Product type: Workstation
10:56:40:562 3516 ComputerName: PIGNINJA
10:56:40:562 3516 UserName: Erica Hong
10:56:40:562 3516 Windows directory: C:\WINDOWS
10:56:40:562 3516 Processor architecture: Intel x86
10:56:40:562 3516 Number of processors: 2
10:56:40:562 3516 Page size: 0x1000
10:56:40:562 3516 Boot type: Normal boot
10:56:40:562 3516 ================================================================================
10:56:40:578 3516 UnloadDriverW: NtUnloadDriver error 2
10:56:40:578 3516 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:56:40:609 3516 Initialize success
10:56:40:609 3516
10:56:40:609 3516 Scanning Services ...
10:56:40:609 3516 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
10:56:40:609 3516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:56:40:609 3516 wfopen_ex: Trying to KLMD file open
10:56:40:609 3516 wfopen_ex: File opened ok (Flags 2)
10:56:40:609 3516 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
10:56:40:609 3516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:56:40:609 3516 wfopen_ex: Trying to KLMD file open
10:56:40:609 3516 wfopen_ex: File opened ok (Flags 2)
10:56:41:109 3516 GetAdvancedServicesInfo: Raw services enum returned 354 services
10:56:41:109 3516 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
10:56:41:109 3516 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
10:56:41:109 3516
10:56:41:109 3516 Scanning Kernel memory ...
10:56:41:109 3516 Devices to scan: 4
10:56:41:109 3516
10:56:41:109 3516 Driver Name: Disk
10:56:41:109 3516 IRP_MJ_CREATE : F7643BB0
10:56:41:109 3516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:56:41:109 3516 IRP_MJ_CLOSE : F7643BB0
10:56:41:125 3516 IRP_MJ_READ : F763DD1F
10:56:41:125 3516 IRP_MJ_WRITE : F763DD1F
10:56:41:125 3516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:56:41:125 3516 IRP_MJ_SET_INFORMATION : 804F4562
10:56:41:125 3516 IRP_MJ_QUERY_EA : 804F4562
10:56:41:125 3516 IRP_MJ_SET_EA : 804F4562
10:56:41:125 3516 IRP_MJ_FLUSH_BUFFERS : F763E2E2
10:56:41:125 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:56:41:125 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:56:41:125 3516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:56:41:125 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:56:41:125 3516 IRP_MJ_DEVICE_CONTROL : F763E3BB
10:56:41:125 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7641F28
10:56:41:125 3516 IRP_MJ_SHUTDOWN : F763E2E2
10:56:41:125 3516 IRP_MJ_LOCK_CONTROL : 804F4562
10:56:41:125 3516 IRP_MJ_CLEANUP : 804F4562
10:56:41:125 3516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:56:41:125 3516 IRP_MJ_QUERY_SECURITY : 804F4562
10:56:41:125 3516 IRP_MJ_SET_SECURITY : 804F4562
10:56:41:125 3516 IRP_MJ_POWER : F763FC82
10:56:41:125 3516 IRP_MJ_SYSTEM_CONTROL : F764499E
10:56:41:125 3516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:56:41:125 3516 IRP_MJ_QUERY_QUOTA : 804F4562
10:56:41:125 3516 IRP_MJ_SET_QUOTA : 804F4562
10:56:41:125 3516 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
10:56:41:125 3516 sion
10:56:41:140 3516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:56:41:140 3516
10:56:41:140 3516 Driver Name: Disk
10:56:41:140 3516 IRP_MJ_CREATE : F7643BB0
10:56:41:140 3516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:56:41:140 3516 IRP_MJ_CLOSE : F7643BB0
10:56:41:140 3516 IRP_MJ_READ : F763DD1F
10:56:41:140 3516 IRP_MJ_WRITE : F763DD1F
10:56:41:140 3516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:56:41:140 3516 IRP_MJ_SET_INFORMATION : 804F4562
10:56:41:140 3516 IRP_MJ_QUERY_EA : 804F4562
10:56:41:140 3516 IRP_MJ_SET_EA : 804F4562
10:56:41:140 3516 IRP_MJ_FLUSH_BUFFERS : F763E2E2
10:56:41:140 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:56:41:140 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:56:41:140 3516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:56:41:140 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:56:41:140 3516 IRP_MJ_DEVICE_CONTROL : F763E3BB
10:56:41:140 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7641F28
10:56:41:140 3516 IRP_MJ_SHUTDOWN : F763E2E2
10:56:41:140 3516 IRP_MJ_LOCK_CONTROL : 804F4562
10:56:41:140 3516 IRP_MJ_CLEANUP : 804F4562
10:56:41:140 3516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:56:41:140 3516 IRP_MJ_QUERY_SECURITY : 804F4562
10:56:41:140 3516 IRP_MJ_SET_SECURITY : 804F4562
10:56:41:140 3516 IRP_MJ_POWER : F763FC82
10:56:41:140 3516 IRP_MJ_SYSTEM_CONTROL : F764499E
10:56:41:140 3516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:56:41:140 3516 IRP_MJ_QUERY_QUOTA : 804F4562
10:56:41:140 3516 IRP_MJ_SET_QUOTA : 804F4562
10:56:41:140 3516 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
10:56:41:140 3516 sion
10:56:41:156 3516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:56:41:156 3516
10:56:41:156 3516 Driver Name: Disk
10:56:41:156 3516 IRP_MJ_CREATE : F7643BB0
10:56:41:156 3516 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
10:56:41:156 3516 IRP_MJ_CLOSE : F7643BB0
10:56:41:156 3516 IRP_MJ_READ : F763DD1F
10:56:41:156 3516 IRP_MJ_WRITE : F763DD1F
10:56:41:156 3516 IRP_MJ_QUERY_INFORMATION : 804F4562
10:56:41:156 3516 IRP_MJ_SET_INFORMATION : 804F4562
10:56:41:156 3516 IRP_MJ_QUERY_EA : 804F4562
10:56:41:156 3516 IRP_MJ_SET_EA : 804F4562
10:56:41:156 3516 IRP_MJ_FLUSH_BUFFERS : F763E2E2
10:56:41:156 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
10:56:41:156 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
10:56:41:156 3516 IRP_MJ_DIRECTORY_CONTROL : 804F4562
10:56:41:156 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
10:56:41:156 3516 IRP_MJ_DEVICE_CONTROL : F763E3BB
10:56:41:156 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7641F28
10:56:41:156 3516 IRP_MJ_SHUTDOWN : F763E2E2
10:56:41:156 3516 IRP_MJ_LOCK_CONTROL : 804F4562
10:56:41:156 3516 IRP_MJ_CLEANUP : 804F4562
10:56:41:156 3516 IRP_MJ_CREATE_MAILSLOT : 804F4562
10:56:41:156 3516 IRP_MJ_QUERY_SECURITY : 804F4562
10:56:41:156 3516 IRP_MJ_SET_SECURITY : 804F4562
10:56:41:156 3516 IRP_MJ_POWER : F763FC82
10:56:41:156 3516 IRP_MJ_SYSTEM_CONTROL : F764499E
10:56:41:156 3516 IRP_MJ_DEVICE_CHANGE : 804F4562
10:56:41:156 3516 IRP_MJ_QUERY_QUOTA : 804F4562
10:56:41:156 3516 IRP_MJ_SET_QUOTA : 804F4562
10:56:41:156 3516 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
10:56:41:156 3516 sion
10:56:41:171 3516 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
10:56:41:171 3516
10:56:41:171 3516 Driver Name: atapi
10:56:41:171 3516 IRP_MJ_CREATE : F748FB3A
10:56:41:171 3516 IRP_MJ_CREATE_NAMED_PIPE : F748FB3A
10:56:41:171 3516 IRP_MJ_CLOSE : F748FB3A
10:56:41:171 3516 IRP_MJ_READ : F748FB3A
10:56:41:171 3516 IRP_MJ_WRITE : F748FB3A
10:56:41:171 3516 IRP_MJ_QUERY_INFORMATION : F748FB3A
10:56:41:171 3516 IRP_MJ_SET_INFORMATION : F748FB3A
10:56:41:171 3516 IRP_MJ_QUERY_EA : F748FB3A
10:56:41:171 3516 IRP_MJ_SET_EA : F748FB3A
10:56:41:171 3516 IRP_MJ_FLUSH_BUFFERS : F748FB3A
10:56:41:171 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : F748FB3A
10:56:41:171 3516 IRP_MJ_SET_VOLUME_INFORMATION : F748FB3A
10:56:41:171 3516 IRP_MJ_DIRECTORY_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_FILE_SYSTEM_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_DEVICE_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_SHUTDOWN : F748FB3A
10:56:41:171 3516 IRP_MJ_LOCK_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_CLEANUP : F748FB3A
10:56:41:171 3516 IRP_MJ_CREATE_MAILSLOT : F748FB3A
10:56:41:171 3516 IRP_MJ_QUERY_SECURITY : F748FB3A
10:56:41:171 3516 IRP_MJ_SET_SECURITY : F748FB3A
10:56:41:171 3516 IRP_MJ_POWER : F748FB3A
10:56:41:171 3516 IRP_MJ_SYSTEM_CONTROL : F748FB3A
10:56:41:171 3516 IRP_MJ_DEVICE_CHANGE : F748FB3A
10:56:41:171 3516 IRP_MJ_QUERY_QUOTA : F748FB3A
10:56:41:171 3516 IRP_MJ_SET_QUOTA : F748FB3A
10:56:41:171 3516 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
10:56:41:171 3516 TDL3_IrpHookDetect: New IrpHandler addr: 86D068C8
10:56:41:171 3516 ihd: 10, FFDF0308, 510, 134, 3, 120, 0
10:56:41:171 3516 Driver "atapi" Irp handler infected by TDSS rootkit ... 10:56:41:171 3516 cured
10:56:41:187 3516 siohd: 0
10:56:41:203 3516 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
10:56:41:203 3516 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 10:56:41:203 3516 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
10:56:41:203 3516 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
10:56:41:812 3516 vfvi6
10:56:41:984 3516 !dsvbh1
10:56:42:484 3516 dsvbh2
10:56:42:484 3516 fdfb2
10:56:42:484 3516 Backup copy found, using it..
10:56:42:531 3516 will be cured on next reboot
10:56:42:531 3516 Reboot required for cure complete..
10:56:42:562 3516 Cure on reboot scheduled successfully
10:56:42:562 3516
10:56:42:578 3516 Completed
10:56:42:578 3516
10:56:42:578 3516 Results:
10:56:42:578 3516 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
10:56:42:578 3516 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
10:56:42:578 3516 File objects infected / cured / cured on reboot: 1 / 0 / 1
10:56:42:578 3516
10:56:42:578 3516 UnloadDriverW: NtUnloadDriver error 1
10:56:42:578 3516 KLMD_Unload: UnloadDriverW(klmd21) error 1
10:56:42:578 3516 KLMD(ARK) unloaded successfully

#18
February 27, 2010 at 11:33:33
Run ATF Cleaner again and empty the restore folder.

Are you still being redirected?

#19
February 27, 2010 at 12:01:52
I ran ATF Cleaner and deleted the old restore points. I haven't made the new restore point yet, though. Sadly, I am still being redirected, but I haven't started Windows up again. Shall I try that?

#20
February 27, 2010 at 12:06:56
Oh, and do you want me to create the restore point before or after I restart?

#21
February 27, 2010 at 12:15:43
Run this tool; maybe we can find the MD5 that is patched and replace it. The file will be long and may take two or three posts to get it all to us.

#22
February 27, 2010 at 12:40:55
Ermm, dear jabuck, I think you forgot to specify the tool by accident.

#23
February 27, 2010 at 14:19:51
Ooooopps.
Please download OTL from the following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings at their defaults, except for the following:

Under the Custom Scan box, paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data, so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete, Notepad will open with the report file loaded in it.
Save that Notepad file.
Post the contents of that Notepad document in your next reply.

#24
February 27, 2010 at 16:24:27
I ran OTL, but creating the restore point is taking over an hour. It still isn't over yet.

But as it was scanning, this box popped up saying:

Access violation at address 00402903 in module 'OTL.exe'. Read of address 0024C000.

So then I clicked OK.

And I'm starting to wonder if I'm supposed to restart the scan or not?

#25
February 27, 2010 at 16:34:23
Restart the scan and see if it will run all the way through.

#26
February 27, 2010 at 18:02:29
OTL logfile created on: 2/27/2010 5:44:49 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Erica Hong\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 403.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 129.00 Gb Free Space | 92.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIGNINJA
Current User Name: Erica Hong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/02/27 14:33:16 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erica Hong\Desktop\OTL.exe
PRC - [2010/02/15 18:07:02 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/02/15 18:06:48 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2010/01/09 11:48:59 | 000,051,200 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2009/12/22 15:16:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/09/21 13:11:34 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/22 07:22:54 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/06 02:34:52 | 000,096,792 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\PersistenceThread.exe
PRC - [2009/07/06 02:34:50 | 000,481,816 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/07/06 02:34:50 | 000,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2009/07/06 02:34:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/06/03 12:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/27 13:24:54 | 000,247,080 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/29 17:15:32 | 017,529,856 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009/02/18 12:14:00 | 000,025,088 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2009/02/18 12:13:58 | 002,441,216 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
PRC - [2009/02/18 12:13:26 | 002,174,976 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/11 10:46:56 | 000,177,384 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\PlayMovie\PMVService.exe
PRC - [2008/12/10 22:39:28 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/10 22:39:20 | 000,148,776 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMAgent.exe
PRC - [2008/05/26 20:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 04:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/02/27 14:33:16 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erica Hong\Desktop\OTL.exe
MOD - [2008/04/14 04:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2008/04/14 04:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010/02/15 18:06:48 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2010/01/09 11:48:59 | 000,051,200 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2009/12/22 15:16:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/04 16:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 11:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/08/28 19:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/06/03 12:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/18 12:14:00 | 000,025,088 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 01:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/02/27 10:56:42 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tsk1A.tmp -- (atapi)
DRV - [2009/11/04 16:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 16:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 16:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 16:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 16:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/06/24 23:14:00 | 005,097,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (igd)
DRV - [2009/05/25 18:17:28 | 000,093,952 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ETD.sys -- (ETD)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/09 10:23:02 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/03/29 17:15:36 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/29 17:15:28 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/03/29 17:15:16 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/18 13:30:22 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/12 09:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/18 12:13:44 | 001,950,976 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/01/13 17:01:00 | 000,271,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2008/12/23 12:18:44 | 000,157,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008/11/26 06:02:04 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2008/11/04 18:24:58 | 000,014,248 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2008/07/30 01:44:18 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/04/14 04:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2007/06/07 17:00:02 | 000,148,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

#27
February 27, 2010 at 18:06:22
DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


[color=#E56717]========== Standard Registry (All) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC17...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/03 16:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/22 15:16:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/02/27 10:43:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Dell\Media Experience\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\Dell\Media Experience\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Dell\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Erica Hong\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Erica Hong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Erica Hong\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

#28
February 27, 2010 at 18:07:04
[2010/02/27 14:33:13 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Erica Hong\Desktop\OTL.exe
[2010/02/27 13:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Application Data\Apple Computer
[2010/02/27 13:46:49 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/02/27 13:46:49 | 000,026,600 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2010/02/27 13:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/27 13:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/27 13:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/27 13:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/02/27 13:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/27 13:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/27 13:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\Apple
[2010/02/27 13:43:50 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/02/27 13:43:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/02/27 13:43:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/27 13:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/02/27 13:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/27 13:41:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\Apple Computer
[2010/02/27 13:40:23 | 098,181,416 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Erica Hong\Desktop\iTunesSetup.exe
[2010/02/27 11:51:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/27 11:51:30 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Erica Hong\Desktop\ATF-Cleaner.exe
[2010/02/27 10:55:11 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Erica Hong\Desktop\TDSSKiller.exe
[2010/02/15 22:56:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/02/13 15:17:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/13 08:56:01 | 000,031,752 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/02/12 19:15:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/12 19:13:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/12 19:13:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/12 19:13:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/12 19:13:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/12 19:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/12 19:12:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/08 15:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/08 15:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Application Data\SUPERAntiSpyware.com
[2010/02/08 15:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/06 22:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Application Data\Malwarebytes
[2010/02/06 22:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/05 18:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/02/05 17:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/02/05 17:47:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/01/31 12:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Erica Hong\Application Data\U3
[2010/01/21 13:54:00 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 21:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/19 19:48:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/13 15:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/01/10 17:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\SupportSoft
[2010/01/09 10:36:35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/09 10:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Stardock_Corporation
[2010/01/09 09:47:31 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Erica Hong\Application Data\desktop.ini
[2010/01/09 09:47:30 | 004,293,662 | -H-- | C] () -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\IconCache.db
[2010/01/09 09:47:30 | 000,050,552 | ---- | C] () -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/22 15:31:19 | 000,000,108 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2008/04/25 17:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 05:39:02 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/06/29 18:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 18:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 19:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 19:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/02/27 14:33:16 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Erica Hong\Desktop\OTL.exe
[2010/02/27 13:46:51 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/27 13:44:43 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/27 13:43:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/27 13:40:29 | 098,181,416 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Erica Hong\Desktop\iTunesSetup.exe
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Erica Hong\Desktop\TDSSKiller.exe
[2010/02/27 11:51:31 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Erica Hong\Desktop\ATF-Cleaner.exe
[2010/02/27 10:56:42 | 000,031,752 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmdb.sys
[2010/02/27 10:44:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/27 10:43:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/27 10:43:06 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/02/27 10:43:03 | 000,051,200 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/02/27 10:43:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/27 10:42:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 10:41:54 | 000,009,987 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/02/27 10:41:51 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Erica Hong\NTUSER.DAT
[2010/02/27 10:41:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Erica Hong\ntuser.ini
[2010/02/27 10:09:45 | 003,874,477 | R--- | M] () -- C:\Documents and Settings\Erica Hong\Desktop\ComboFix.exe
[2010/02/27 09:58:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/16 19:56:12 | 004,293,662 | -H-- | M] () -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\IconCache.db
[2010/02/16 18:32:25 | 000,012,330 | ---- | M] () -- C:\Documents and Settings\Erica Hong\My Documents\Measuring Reaction Time Data Table.docx
[2010/02/13 15:37:34 | 000,017,920 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/02/12 19:15:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/02/11 19:59:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/08 17:59:18 | 000,015,267 | ---- | M] () -- C:\Documents and Settings\Erica Hong\My Documents\Hotwheels.docx
[2010/02/08 09:18:20 | 000,050,552 | ---- | M] () -- C:\Documents and Settings\Erica Hong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/08 09:16:48 | 000,215,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/02 18:38:44 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Erica Hong\My Documents\Natural Selection.doc
[2010/01/31 15:56:39 | 000,132,269 | ---- | M] () -- C:\Documents and Settings\Erica Hong\My Documents\George Halas.docx
[2010/01/31 12:33:08 | 000,012,171 | ---- | M] () -- C:\Documents and Settings\Erica Hong\My Documents\Color.docx
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/02/27 13:46:51 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/02/27 13:44:43 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/02/27 13:43:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/27 10:09:43 | 003,874,477 | R--- | C] () -- C:\Documents and Settings\Erica Hong\Desktop\ComboFix.exe
[2010/02/16 18:17:20 | 000,012,330 | ---- | C] () -- C:\Documents and Settings\Erica Hong\My Documents\Measuring Reaction Time Data Table.docx
[2010/02/12 19:15:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/12 19:15:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/12 19:13:18 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/12 19:13:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/12 19:13:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/12 19:13:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/12 19:13:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/11 19:59:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/01 20:07:55 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Erica Hong\My Documents\Natural Selection.doc
[2010/01/31 14:41:20 | 000,132,269 | ---- | C] () -- C:\Documents and Settings\Erica Hong\My Documents\George Halas.docx
[2010/01/31 12:23:17 | 000,012,171 | ---- | C] () -- C:\Documents and Settings\Erica Hong\My Documents\Color.docx
[2010/01/31 12:13:59 | 000,015,267 | ---- | C] () -- C:\Documents and Settings\Erica Hong\My Documents\Hotwheels.docx
[2010/01/22 18:58:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010/01/10 19:12:09 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/12/22 16:42:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
[2009/12/22 16:37:19 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/12/22 15:49:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/12/22 15:20:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/22 15:20:53 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/22 15:17:21 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2008/04/25 17:42:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/13 16:10:32 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< >[/color]
< End of report >

[color=#A23BEC]< MD5 for: [2008/04/14 04:00:00 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION) >[/color]
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: [2008/04/14 04:00:00 | 000,181,248 | ---- | M] (MICROSOFT CORPORATION) >[/color]
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: [2008/04/14 04:00:00 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION) >[/color]
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: [2008/04/14 04:06:40 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION) >[/color]
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\AGP440.SYS

[color=#A23BEC]< MD5 for: [2008/04/14 04:10:32 | 000,096,512 | ---- | M] () >[/color]
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] () -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: [2008/04/14 04:10:32 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION) >[/color]
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\atapi.sys

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< >[/color]

< End of report >


#29
February 27, 2010 at 18:09:08
OTL Extras logfile created on: 2/27/2010 5:44:49 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Documents and Settings\Erica Hong\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 403.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.24 Gb Total Space | 129.00 Gb Free Space | 92.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PIGNINJA
Current User Name: Erica Hong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC1172F-1253-4844-A50C-B8C9981FE962}" = CyberLink PowerDVD 8.0 SE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24E305F-F373-4114-89FD-63CA8883BFB5}" = Multi-Touch Gestures Demo
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.01.01.0116)
"Dell Webcam Central" = Dell Webcam Central

#30
February 27, 2010 at 18:11:01
"Elantech" = ETDWare PS/2-x86 7.0.4.9_WHQL
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"InstallShield_{CBC1172F-1253-4844-A50C-B8C9981FE962}" = CyberLink PowerDVD 8.0 SE
"KOIELangPack" = Korean Language Support
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 2:43:04 PM | Computer Name = PIGNINJA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 2/27/2010 3:51:50 PM | Computer Name = PIGNINJA | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 2/27/2010 3:51:54 PM | Computer Name = PIGNINJA | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ System Events ]
Error - 1/31/2010 7:48:35 PM | Computer Name = PIGNINJA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/1/2010 9:45:11 PM | Computer Name = PIGNINJA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 2/2/2010 10:06:54 PM | Computer Name = PIGNINJA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 2/2/2010 10:07:22 PM | Computer Name = PIGNINJA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 2/3/2010 12:43:46 AM | Computer Name = PIGNINJA | Source = PSched | ID = 14103
Description = QoS [Adapter {BD62BFE7-E5F4-45A8-877C-5964DDE961A8}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 2/4/2010 1:04:47 AM | Computer Name = PIGNINJA | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 2/8/2010 1:19:30 PM | Computer Name = PIGNINJA | Source = DCOM | ID = 10010
Description = The server {BA126AD1-2166-11D1-B1D0-00805FC1270E} did not register
with DCOM within the required timeout.

Error - 2/8/2010 6:36:42 PM | Computer Name = PIGNINJA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 2/8/2010 6:36:50 PM | Computer Name = PIGNINJA | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 2/8/2010 6:41:51 PM | Computer Name = PIGNINJA | Source = DCOM | ID = 10010
Description = The server {B44D92F9-978C-42F3-9382-6EAD817BA0AE} did not register
with DCOM within the required timeout.


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC1172F-1253-4844-A50C-B8C9981FE962}" = CyberLink PowerDVD 8.0 SE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24E305F-F373-4114-89FD-63CA8883BFB5}" = Multi-Touch Gestures Demo
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E00B477F-8558-45DA-B25A-69935FB89A94}" = Dell Dock
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA012" = Integrated Webcam Driver (1.01.01.0116)
"Dell Webcam Central" = Dell Webcam Central
"Elantech" = ETDWare PS/2-x86 7.0.4.9_WHQL
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"InstallShield_{CBC1172F-1253-4844-A50C-B8C9981FE962}" = CyberLink PowerDVD 8.0 SE
"KOIELangPack" = Korean Language Support
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0




#32
February 27, 2010 at 19:06:47
Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following text between the X's.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:OTL

:Files
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys|C:\WINDOWS\ERDNT\cache\atapi.sys /replace
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.

Let me know if that stopped the redirects.


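The fix above swaps the live atapi.sys for the copy OTL keeps under ERDNT\cache. As an added check (not part of this thread or of OTL), the PowerShell below hashes both files and reports their Authenticode status, so the two copies can be compared before the fix and the result confirmed after it; the two paths are the ones quoted in the fix, and the check is assumed to run from an elevated PowerShell session.

```powershell
# Added example, not from the thread: compare the live atapi.sys with the
# ERDNT cached copy that the OTL fix restores, and show each file's
# Authenticode status. Paths are the two quoted in the fix above.
$live   = Join-Path $env:SystemRoot 'system32\drivers\atapi.sys'
$cached = Join-Path $env:SystemRoot 'ERDNT\cache\atapi.sys'

function Get-Sha256Hex([string]$Path) {
    # SHA-256 via .NET so this also works on PowerShell 2.0, which has no Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

foreach ($path in @($live, $cached)) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Missing: $path"
        continue
    }
    $item = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    Write-Output ("{0}`n  size={1}  modified={2}`n  sha256={3}`n  signature={4}  signer={5}" -f `
        $path, $item.Length, $item.LastWriteTime, (Get-Sha256Hex $path), $sig.Status, $signer)
}

# The comparison that matters for this fix: does the live driver still match the cached copy?
if ((Test-Path -LiteralPath $live) -and (Test-Path -LiteralPath $cached)) {
    if ((Get-Sha256Hex $live) -eq (Get-Sha256Hex $cached)) {
        Write-Output 'Live atapi.sys MATCHES the ERDNT cached copy.'
    } else {
        Write-Output 'Live atapi.sys DIFFERS from the ERDNT cached copy.'
    }
}
```

In-box XP drivers are commonly signed through catalog files rather than an embedded signature, so an embedded-signature check can report NotSigned for a legitimate copy; treat the hash comparison, not the signature status alone, as the primary signal.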

#33
February 27, 2010 at 19:44:40
WHAA I love you!! Thank you so much, it stopped redirecting me, aha. Thank you so much :]


#34
February 27, 2010 at 19:51:52
Good job.

Do the clean-up again...important.

Glad we could help.



#35
March 1, 2010 at 18:41:37
jabuck - I have a similar/exact condition of redirects, only IE won't open at all. I say redirect because Mozilla opens and I get them there. You put a lot of time in with amy1212, with success. My McAfee didn't catch this problem, and Ad-Aware doesn't help. Any direction would help. Would following the steps above help me, do you think?

