Author Topic: [Resolved] Redirected Google searches/DCOM Countdown HiJackThis Log File  (Read 3134 times)


Offline BlueTheDog

  • Bronze Member
  • Posts: 10
Hi and thank you.
3 days ago, I found my computer redirecting Google searches to spam pages,
and encountered a shutdown counter by NT Authority\System.
I use Firefox 3.6.
I was sent here by a friend at Dell who refers people to your forum, and saw TrentLott's post,
and realized I had the same issue.
Thank you for any help ridding this slime.
(PS: I am keeping my system up long enough by running
shutdown.exe -a in C:\WINDOWS\system32\cmd.exe)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:25 PM, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\Program Files\Verizon\McciBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-1366901623-1932387853-726740026-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1366901623-1932387853-726740026-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1366901623-1932387853-726740026-1007\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE (User '?')
O4 - HKUS\S-1-5-21-1366901623-1932387853-726740026-1007\..\Run: [Google Update] "C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094572032838
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124649612031
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/msn/TrueInstallMSN.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - http://sudbury.ma.us/services/InfoSys/custom/LemboRetirementFadgenInstallment2004Jan22/P1010061.JPG
O24 - Desktop Component 1: (no name) - http://s.deviantart.com/styles/blank.png

--
End of file - 12519 bytes
« Last Edit: February 04, 2010, 04:53:36 am by Maurice Naggar »


Don't blame me, I voted for Scott Brown
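The log above is the kind of thing the helpers in this thread read by eye. As an added example (not part of the thread, and not a HijackThis feature), here is a small Python triage script for that line format: it splits each `Oxx - ...` / `Rx - ...` entry into its section code and body, and applies a few first-pass heuristics a practitioner would use before asking for more logs: entries whose target is `(no file)` (orphaned registry leftovers), O16 DPF controls fetched over plain HTTP or pointing at a bare `.exe` instead of a `.cab`, O4 autoruns launched from a user-profile path, and proxy-related R entries. The sample lines are copied from the log above; the severity labels and thresholds are my own assumptions and are triage hints, not verdicts.

```python
"""Triage helper for HijackThis-style logs.

Added example; the heuristics below are assumptions for a first pass,
not HijackThis's own classification. Sample lines are taken from the
thread's log.
"""
import re
from urllib.parse import urlparse

LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Locations a machine-wide or per-user autorun normally would not launch from.
# A legitimate updater (GoogleUpdate in this log) lives there too, so this
# is flagged as "review", never "malicious".
PROFILE_PATH_HINTS = (
    "\\documents and settings\\",
    "\\local settings\\",
    "\\application data\\",
    "\\temp\\",
)

# Constructed sample, built from entry types present in the posted log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/msn/TrueInstallMSN.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""


def parse_line(line):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def _last_field(body):
    # Fields are joined with " - "; the final one is the on-disk path or URL.
    return body.rsplit(" - ", 1)[-1].strip()


def _findings_for(code, body):
    """Heuristics per section code; returns a list of (severity, message)."""
    out = []
    target = _last_field(body)
    if target.lower() == "(no file)":
        out.append(("orphan", "entry points at a file that no longer exists"))
        return out
    if code == "O16":
        url = urlparse(target)
        if url.scheme == "http":
            out.append(("review", "ActiveX control recorded over plain HTTP from %s" % url.netloc))
        if url.path.lower().endswith(".exe"):
            out.append(("suspect", "DPF entry fetches a bare .exe rather than a .cab: %s" % target))
    elif code == "O4":
        if any(hint in body.lower() for hint in PROFILE_PATH_HINTS):
            out.append(("review", "autorun launches from a user-profile path; confirm the publisher"))
    elif code in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        klow = key.lower()
        if "proxyserver" in klow:
            out.append(("review", "explicit proxy configured: %s" % value))
        elif "proxyoverride" in klow:
            out.append(("info", "proxy bypass list: %s" % value))
        elif value.startswith("http"):
            out.append(("info", "browser default points at %s" % urlparse(value).netloc))
    return out


def triage(log_text):
    """Return (code, severity, message) triples for lines worth a second look."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        code, body = parsed
        for severity, message in _findings_for(code, body):
            findings.append((code, severity, message))
    return findings


if __name__ == "__main__":
    for code, severity, message in triage(SAMPLE_LOG):
        print("%-4s %-7s %s" % (code, severity, message))
```

Run against the sample it reports the two orphaned `(no file)` entries, the Google Update autorun in the user profile, the two HTTP-delivered DPF controls, and the TrueSwitch entry that points at an executable; the ProxyOverride line is only informational because `127.0.0.1;*.local` is the usual local-bypass default. None of these is a verdict: an orphan is just a leftover to clean up, and a `review` item needs its publisher checked before anything is removed.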

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Re: Redirected Google searches/DCOM Countdown HiJackThis Log File
« Reply #1 on: January 30, 2010, 08:11:16 pm »
Hello EdToo,

Please see about disabling Spysweeper while we hunt for malware. Also, tell me if that version has an antivirus component.
Use this next as a reference.  But do not turn off your firewall.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start with the following and do as much as you can, preferably in one session:
Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 3
Take out the trash (temporary files & temporary internet files)
Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and temp areas used by internet browsers.
Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
ATF-Cleaner should be run as above in every user login account (user profile).

Step 4
Open McAfee Security Centre
  • Under Common Tasks click on  Home
  • Click Computer Files
  • Click Configure


  • Make sure the following are disabled by ticking the "Off" button.
  • -->Virus protection
  • -->Spyware protection
  • -->System Guards Protection
  • -->Script Scanning Protection   (you may have to scroll down to see it)
  • and click OK.


Step 5
Please download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm  or
http://www.besttechie.net/tools/mbam-setup.exe   or
http://malwarebytes.gt500.org/mbam.jsp

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
       
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
       
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
       
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Step 6
Download DDS and save it to your desktop from one of these: http://www.techsupportforum.com/sectools/sUBs/dds , http://download.bleepingcomputer.com/sUBs/dds.scr or
http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.


Step 7
Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt".
  • Save it where you can easily find it, such as your desktop.


Please include the following logs in your next reply:
the MBAM scan log
DDS.txt
Attach.txt
Gmer.txt AND
tell me if the search redirects are only in Firefox or if also in Internet Explorer !!
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline BlueTheDog

  • Bronze Member
  • Posts: 10
Hi Maurice,
Thank you so much for your help.
I'm following your steps above, but a couple quick questions/observations to be clear, please.

I have the MSN (Verizon) branded WebrootSpySweeper, so I may not have
the exact settings above. For instance I don't see
- Uncheck "home page shield".
- Uncheck "automatically restore default without notification".

Also, I have disabled every shield, but at the bottom of that page,
the pup shield does not have an 'off' option - and even though I do NOT have
the SpySweeper Virus package, the box with "pup shield is ON" also says
"Virus Shield ON". I have no option to change that -
But I do have "Shut Down" in the system tray.

One other thing: I had downloaded/updated MalwareBytes from another link
here on SpywareHammer a few days ago, if that's okay.
Going on to that step now...

Malwarebytes' Anti-Malware 1.44
Database version: 3660
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/31/2010 12:31:41 PM
mbam-log-2010-01-31 (12-31-41).txt

Scan type: Quick Scan
Objects scanned: 132155
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Last Edit: January 31, 2010, 11:32:55 am by EdToo »
Don't blame me, I voted for Scott Brown

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
The MBAM scan is fine. Though I imagine the search redirects are still happening?

Go forward to getting the DDS logs & the Gmer log.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline BlueTheDog

  • Bronze Member
  • Posts: 10
Thank you Maurice,
Below is what I have so far:
[Note: to keep my system from shutting down,
I'm using cmd prompt C:\Documents and Settings\Dad>shutdown.exe -a]

The GMER program froze my system
when I hit Scan (since nothing showed after the first), and
on clicking Gmer.txt on the desktop to paste it here,
I got the following system shutdown (but it worked upon reboot):
STOP: c000021a {fatal system error}
The Windows subsystem system process terminated unexpectedly with a status of
0xc0000005 (0x00004d7c 0x006ddfe8).
The System has been shut down

Gmer.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-31 13:05:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\uwtoapow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  ZwClose [0xB013F1CF]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwCreateFile [0xB15634E8]
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  ZwCreateSection [0xB013F43A]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwMapViewOfSection [0xB1563528]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwOpenProcess [0xB1563470]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwOpenThread [0xB1563484]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwProtectVirtualMemory [0xB15634FC]
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  ZwSetInformationFile [0xB013E916]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwUnmapViewOfSection [0xB156353E]
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  ZwWriteFile [0xB013E562]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwYieldExecution [0xB1563512]
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  IoCreateFile
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  NtClose
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        NtCreateFile
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  NtCreateSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        NtMapViewOfSection
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        NtOpenProcess
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        NtOpenThread
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  NtSetInformationFile
Code            \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.)  NtWriteFile

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                            SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice  \FileSystem\Fastfat \Fat                                                                            mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device          \Driver\Tcpip \Device\Ip                                                                            8AE414D8
Device          \Driver\Tcpip \Device\Ip                                                                            8AB8AC80

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                            Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device          \Driver\Tcpip \Device\Tcp                                                                           8AE414D8
Device          \Driver\Tcpip \Device\Tcp                                                                           8AB8AC80

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                           Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device          \Driver\Tcpip \Device\Udp                                                                           8AE414D8
Device          \Driver\Tcpip \Device\Udp                                                                           8AB8AC80

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                           Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device          \Driver\Tcpip \Device\RawIp                                                                         8AE414D8
Device          \Driver\Tcpip \Device\RawIp                                                                         8AB8AC80

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                         Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device           -> \Driver\atapi \Device\Harddisk0\DR0                                                             8B049856

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\system32\drivers\atapi.sys                                                               suspicious modification

---- EOF - GMER 1.0.15 ----

DDS.txt


DDS (Ver_09-12-01.01) - NTFSx86 
Run by Dad at 12:33:47.04 on Sun 01/31/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
AV: McAfee VirusScan *On-access scanning disabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://www.dell4me.com/myway
uWindow Title = Microsoft Internet Explorer provided by Verizon Online
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dad\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094572032838
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124649612031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://crucial.com/controls/cpcScanner.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - hxxp://www.trueswitch.com/msn/TrueInstallMSN.exe
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\bp0skr4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1065207&SearchSource=3&q=
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\bp0skr4h.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dad\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-01-30 22:30:10   0   d-----w-   c:\program files\Trend Micro
2010-01-28 23:33:59   0   d-----w-   c:\docume~1\dad\applic~1\Malwarebytes
2010-01-28 23:33:40   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 23:33:32   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-28 23:33:31   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-28 23:33:26   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-27 12:24:29   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2010-01-18 16:17:24   244   ---ha-w-   C:\sqmnoopt09.sqm
2010-01-18 16:17:24   232   ---ha-w-   C:\sqmdata09.sqm
2010-01-12 19:23:41   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll

==================== Find3M  ====================

2009-12-22 05:21:05   667136   ----a-w-   c:\windows\system32\wininet.dll
2009-12-22 05:21:05   667136   ------w-   c:\windows\system32\dllcache\wininet.dll
2009-12-22 05:21:03   627712   ------w-   c:\windows\system32\dllcache\urlmon.dll
2009-12-22 05:21:02   1509888   ------w-   c:\windows\system32\dllcache\shdocvw.dll
2009-12-22 05:21:00   3071488   ------w-   c:\windows\system32\dllcache\mshtml.dll
2009-12-22 05:20:58   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-22 05:20:58   81920   ------w-   c:\windows\system32\dllcache\ieencode.dll
2009-12-17 22:14:00   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-08-07 16:13:23   8050536   ----a-w-   c:\program files\Firefox Setup 3.5.2.exe
2009-08-03 21:09:24   110461   ----a-w-   c:\program files\mortgagecommitment letter8-09.pdf
2009-07-23 17:01:52   1615732   ----a-w-   c:\program files\ProcessExplorer.zip
2009-02-23 16:47:49   2160606   ----a-w-   c:\program files\TweetDeck_0_21_5.air
2008-12-11 04:20:26   16320472   ----a-w-   c:\program files\vlc-0.9.8a-win32.exe
2008-11-12 23:20:32   487600   ----a-w-   c:\program files\GoogleVoiceAndVideoSetup.exe
2008-11-03 21:41:43   3520552   ----a-w-   c:\program files\procexp.exe
2008-10-09 19:15:38   1495112   ----a-w-   c:\program files\install_flash_player.exe
2008-08-21 23:14:09   2539   ----a-w-   c:\program files\slogan-pop.jpg
2008-08-13 02:11:18   22441768   ----a-w-   c:\program files\SkypeSetup.exe
2008-08-02 20:55:31   523013   ----a-w-   c:\program files\MarketSamurai.0.50.air
2008-07-19 18:51:05   5106496   ----a-w-   c:\program files\jing_setup.exe
2008-07-19 18:04:11   1364995   ----a-w-   c:\program files\CamStudio20.exe
2008-07-04 16:08:06   7496920   ----a-w-   c:\program files\Firefox%20Setup%203.0.exe
2008-06-26 18:29:29   7496920   ----a-w-   c:\program files\Firefox Setup 3.0.exe
2008-06-25 18:12:24   31870   ----a-w-   c:\program files\BabeRuthProgramAds6-2008pdf.pdf
2008-06-07 20:54:49   185008   ----a-w-   c:\program files\uninstall_flash_player.exe
2008-06-07 20:41:59   42283226   ----a-w-   c:\program files\flash_player_update6_flash9.zip

============= FINISH: 12:35:57.26 ===============

Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Adobe Shockwave Player 11.5
America Online (Choose which version to remove)
Anti-Spyware
AOL Coach Version 1.0(Build:20030807.3)
Apple Mobile Device Support
Apple Software Update
Authentium
Banctec Service Agreement
BCM V.92 56K Modem
Bonjour
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
CamStudio
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Critical Update for Windows Media Player 11 (KB959772)
Dell Networking Guide
Dell Solution Center
Dell Support 5.0.0 (766)
DellConnect
Draw 4 App
DS21Patch
DVDSentry
ERUNT 1.1j
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
FileZilla (remove only)
FileZilla Client 3.3.0.1
Google SketchUp 6
Google Talk Plugin
GoToMeeting 4.0.0.320
Help and Support Customization
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
HLPIndex
HLPRFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iLinc Client
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
iPod for Windows 2005-03-23
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jing
Kodak EasyShare software
Macromedia Flash Player
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Market Samurai
MathPlayer
McAfee SecurityCenter
Microsoft  File Transfer Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Phishing Filter Add-in for MSN Search Toolbar
Microsoft Picture It! Photo 7.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MilitaryGame App
Modem Helper
MovieEdit Task
Mozilla Firefox (3.5.2)
MS Access 97 SP2
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Notifier
NVIDIA Windows 2000/XP Display Drivers
OLYMPUS CAMEDIA Master 4.0
OnDVD
OTtBP
OTtBPSDK
PCDADDIN
PCDHELP
PCDLNCH
PhotoStitch
Picture Package
PowerDVD
QuickTime
RAW Image Task 2.2
RealPlayer
Search Warrior Pro 1.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Seesmic Desktop
SFR
SFR2
Shockwave
Skype™ 3.8
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Sound Blaster Live!
Spy Sweeper for MSN
StomperScrutinizer
StumbleUpon IE Toolbar
SwingSet2 App
Test My Hardware 2.1
TweetDeck
twhirl
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Verizon Broadband Toolbar
Verizon Online
Verizon Online Help and Support
Verizon PC Security Checkup
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Works Suite OS Pack
XML Paper Specification Shared Components Pack 1.0

==== End Of File ===========================

Also, I DO get redirected in Google searches using IE, as well.
Don't blame me, I voted for Scott Brown

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.  
Even when ComboFix appears to be doing nothing, look at your Drive light.  
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with copy of C:\Combofix.txt
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline BlueTheDog

  • Bronze Member
  • Posts: 10
Well, I have a problem-
I successfully downloaded Combofix,
and during installation, successfully downloaded msft recovery console.

But- about 2 minutes into combo fix, the system shut down to
a blue screen with BAD_POOL_CALLER etc.

I've done nothing since, but restart and come back here to the forum (did not rerun combofix)

Ideas?
Don't blame me, I voted for Scott Brown

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Restart/reboot the system fresh. Then start Combo-fix as listed by me, and observe it.

IF the system hiccups again, make sure to write down and give me all details in this thread,
and then, if you have to, restart the system again, but then do NOT run Combofix any more,
and in that case get a new HijackThis log for review.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)

Offline BlueTheDog

  • Bronze Member
  • Posts: 10
Here we are sir:

ComboFix 10-02-01.01 - Dad 02/01/2010  13:19:46.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3711.3224 [GMT -5:00]
Running from: c:\documents and settings\Dad\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dad\Local Settings\Temporary Internet Files\f4050cef.bmp
c:\documents and settings\Dad\My Documents\ZbThumbnail.info
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\MailSwitch.ocx
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\cdkuo.dat
c:\windows\system32\Data
c:\windows\system32\xpysys.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
(((((((((((((((((((((((((   Files Created from 2010-01-01 to 2010-02-01  )))))))))))))))))))))))))))))))
.

2010-01-31 16:21 . 2010-01-31 17:42   --------   d-----w-   c:\program files\ERUNT
2010-01-30 22:30 . 2010-01-30 22:30   --------   d-----w-   c:\program files\Trend Micro
2010-01-28 23:33 . 2010-01-28 23:33   --------   d-----w-   c:\documents and settings\Dad\Application Data\Malwarebytes
2010-01-28 23:33 . 2010-01-07 21:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 23:33 . 2010-01-28 23:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-28 23:33 . 2010-01-07 21:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-01-28 23:33 . 2010-01-28 23:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-01-27 12:24 . 2010-01-27 12:24   61440   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4923c541-n\decora-sse.dll
2010-01-27 12:24 . 2010-01-27 12:24   503808   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-110a1044-n\msvcp71.dll
2010-01-27 12:24 . 2010-01-27 12:24   348160   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-110a1044-n\msvcr71.dll
2010-01-27 12:24 . 2010-01-27 12:24   12800   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4923c541-n\decora-d3d.dll
2010-01-27 12:24 . 2010-01-27 12:24   499712   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-110a1044-n\jmc.dll
2010-01-26 21:09 . 2010-01-26 21:09   --------   d-s---w-   c:\windows\system32\config\systemprofile\UserData
2010-01-12 19:23 . 2009-11-21 15:51   471552   ------w-   c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 23:47 . 2008-07-31 14:46   --------   d-----w-   c:\documents and settings\Dad\Application Data\MSN6
2010-01-27 12:25 . 2004-01-23 00:43   --------   d-----w-   c:\program files\Common Files\Java
2010-01-27 12:23 . 2004-01-23 00:43   --------   d-----w-   c:\program files\Java
2010-01-17 02:29 . 2004-01-23 00:53   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-01-17 02:22 . 2007-05-12 02:46   --------   d-----w-   c:\program files\1&1
2009-12-22 05:21 . 2005-10-21 17:51   667136   ----a-w-   c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 07:56   81920   ----a-w-   c:\windows\system32\ieencode.dll
2009-12-17 22:14 . 2008-12-10 12:42   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-12-08 17:52 . 2009-12-04 13:57   --------   d-----w-   c:\documents and settings\Dad\Application Data\FileZilla
2009-12-04 15:03 . 2009-12-04 15:03   251376   ----a-w-   c:\documents and settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-04 14:00 . 2009-12-04 13:57   --------   d-----w-   c:\program files\FileZilla FTP Client
2009-11-21 15:51 . 2002-08-29 11:00   471552   ----a-w-   c:\windows\AppPatch\aclayers.dll
2009-11-05 03:06 . 2009-11-05 03:06   152576   ----a-w-   c:\documents and settings\Dad\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-08-07 16:13 . 2009-08-07 16:12   8050536   ----a-w-   c:\program files\Firefox Setup 3.5.2.exe
2009-08-03 21:09 . 2009-08-03 21:09   110461   ----a-w-   c:\program files\mortgagecommitment letter8-09.pdf
2009-07-23 17:01 . 2009-07-23 17:01   1615732   ----a-w-   c:\program files\ProcessExplorer.zip
2009-02-23 16:47 . 2009-02-23 16:47   2160606   ----a-w-   c:\program files\TweetDeck_0_21_5.air
2008-12-11 04:20 . 2008-12-11 04:18   16320472   ----a-w-   c:\program files\vlc-0.9.8a-win32.exe
2008-11-12 23:20 . 2008-11-12 23:20   487600   ----a-w-   c:\program files\GoogleVoiceAndVideoSetup.exe
2008-11-03 21:41 . 2008-11-03 21:41   3520552   ----a-w-   c:\program files\procexp.exe
2008-10-09 19:15 . 2008-06-07 20:55   1495112   ----a-w-   c:\program files\install_flash_player.exe
2008-08-21 23:14 . 2008-08-21 23:14   2539   ----a-w-   c:\program files\slogan-pop.jpg
2008-08-13 02:11 . 2008-08-13 02:11   22441768   ----a-w-   c:\program files\SkypeSetup.exe
2008-08-02 20:55 . 2008-08-02 20:55   523013   ----a-w-   c:\program files\MarketSamurai.0.50.air
2008-07-19 18:51 . 2008-07-19 18:51   5106496   ----a-w-   c:\program files\jing_setup.exe
2008-07-19 18:04 . 2008-07-19 18:04   1364995   ----a-w-   c:\program files\CamStudio20.exe
2008-07-04 16:08 . 2008-07-04 16:08   7496920   ----a-w-   c:\program files\Firefox%20Setup%203.0.exe
2008-06-26 18:29 . 2008-06-26 18:28   7496920   ----a-w-   c:\program files\Firefox Setup 3.0.exe
2008-06-25 18:12 . 2008-06-25 18:12   31870   ----a-w-   c:\program files\BabeRuthProgramAds6-2008pdf.pdf
2008-06-07 20:54 . 2008-06-07 20:54   185008   ----a-w-   c:\program files\uninstall_flash_player.exe
2008-06-07 20:41 . 2008-06-07 20:38   42283226   ----a-w-   c:\program files\flash_player_update6_flash9.zip
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Google Update"="c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-01-17 36904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-03 4800512]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dad^Start Menu^Programs^Startup^HOTLLAMA Update Check.lnk]
path=c:\documents and settings\Dad\Start Menu\Programs\Startup\HOTLLAMA Update Check.lnk
backup=c:\windows\pss\HOTLLAMA Update Check.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59   122880   ----a-w-   c:\windows\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 12:51   306688   ----a-w-   c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01   135264   ----a-w-   c:\program files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2003-08-06 07:04   114741   ----a-w-   c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27   28672   ----a-w-   c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20   290088   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-09-14 02:36   50688   ----a-w-   c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
2002-07-17 17:00   200767   -c--a-w-   c:\program files\Microsoft Money\System\MNYEXPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-11-03 17:46   4800512   ----a-w-   c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-04-08 21:06   208941   ----a-w-   c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 07:01   155648   ----a-w-   c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 17:03   36975   ----a-w-   c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-04-08 21:06   180269   ----a-w-   c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00   90112   ------w-   c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Dad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Dad\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2010-02-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366901623-1932387853-726740026-1007Core.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 05:46]

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1366901623-1932387853-726740026-1007UA.job
- c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 05:46]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-10 01:26]

2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-10 01:26]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1065207&SearchSource=3&q=
FF - component: c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\program files\SiteAdvisor\6261\FF\components\FFHook.dll
FF - plugin: c:\documents and settings\Dad\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Dad\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-svcWRSSSDK
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-eBayToolbar - c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
MSConfigStartUp-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\Servicepoint\VerizonServicepoint.exe
AddRemove-Search Warrior Pro_is1 - c:\program files\Search Warrior Pro\unins000.exe
AddRemove-uninstall.exe - c:\progra~1\iLinc\CLIENT~1\UNINST~1.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 13:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\WRLogonNTF.dll
.
Completion time: 2010-02-01  13:33:09
ComboFix-quarantined-files.txt  2010-02-01 18:32

Pre-Run: 42,899,910,656 bytes free
Post-Run: 48,527,503,360 bytes free

- - End Of File - - 1CC422F982A103DB6BB93919DAAAB29E
Don't blame me, I voted for Scott Brown

Offline Maurice Naggar

  • Malware Removal Staff
  • Silver Member
  • Posts: 1150
Proceed to do 1 online scan + some other reports, as follows, please.

Using Internet Explorer browser only, go to ESET Online Scanner website:
Vista users should start IE by Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here:
http://www.eset.com/onlinescan/cac4.php?page=faq

  • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
    Otherwise the scan will take twice as long to do:
    every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
  • It is emphasized to temporarily disable any pc-resident (active) antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

Download >> OTL << by OldTimer to your desktop:

  • Close all open windows on the Task Bar. Double Click the OTL icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTListIt2 by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • copy of the Eset scan log
  • the contents of OTL.txt;
  • the contents of Extras.txt; and
  • the contents of checkup.txt AND
    tell me, if the DCOM "shutdown" is gone and
    tell me, if any Google redirect is now still occurring (and if so, in I.E.? or Firefox?)

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
    « Last Edit: February 01, 2010, 05:05:04 pm by Maurice Naggar »
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)

    Offline BlueTheDog

    • Bronze Member
    • Posts: 10
    Re: [In Progress] Redirected Google searches/DCOM Countdown HiJackThis Log File
    « Reply #10 on: February 01, 2010, 05:31:19 pm »
    Eset Scan Log:

     C:\Documents and Settings\Dad\My Documents\My Downloads\DellSupportSilentInstall support3.EXE  probably a variant of Win32/Adware.Agent application   deleted - quarantined

     C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\atapi.sys.vir   Win32/Olmarik.SJ virus   deleted - quarantined


    Checkup.txt

     Results of screen317's Security Check version 0.99.1    
     Windows XP Service Pack 3 
    ``````````````````````````````
    Antivirus/Firewall Check:

     Windows Firewall Enabled! 
     ESET Online Scanner v3   
     McAfee SecurityCenter     
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

     Spy Sweeper for MSN 
     Anti-Spyware     
     HijackThis 2.0.2   
     Java(TM) 6 Update 18 
     Java(TM) SE Runtime Environment 6 Update 1
     Java(TM) 6 Update 3 
     Java(TM) 6 Update 5 
     Java(TM) 6 Update 7 
     Java Auto Updater   
     Java 2 Runtime Environment, SE v1.4.2
     Out of date Java installed!
     Adobe Flash Player 10 
    Adobe Reader 7.1.0
    Out of date Adobe Reader installed!
    ``````````````````````````````
    Process Check: 
    objlist.exe by Laurent

     McAfee VIRUSS~1 mcshield.exe 
    ``````````````````````````````
    DNS Vulnerability Check:

     GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````


    I will place the long OTL.txt and Extras.txt in following reply(ies)
    So far, I have been in IE for this phase (following ESET instructions above),
    and the "NT Authority\System" Countdown timer has not returned in >1 hour.

    Also- doing 2 Google searches in IE6 (Microsoft.com and Twitter.com),
    resolved to the correct domain, without redirect.

    After I post these next reports, and before I test Firefox, I'd like to
    bring my security apps back up. (Color me paranoid)  :\
    Don't blame me, I voted for Scott Brown

    Offline BlueTheDog

    • Bronze Member
    • Posts: 10
    Re: [In Progress] Redirected Google searches/DCOM Countdown HiJackThis Log File
    « Reply #11 on: February 01, 2010, 05:55:55 pm »
    OTL.txt Log

    OTL logfile created on: 2/1/2010 6:05:15 PM - Run 1
    OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 45.13 Gb Free Space | 60.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: DJZ33641
    Current User Name: Dad
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Processes (SafeList) ==========
     
    PRC - [2010/02/01 18:03:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/07/10 02:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
    PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/07/09 23:26:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
    PRC - [2009/07/08 12:43:40 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
    PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2008/11/20 13:20:54 | 000,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/04 22:28:58 | 003,509,560 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    PRC - [2007/01/17 14:24:46 | 000,036,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    PRC - [2005/06/02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2005/05/16 18:45:56 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
    PRC - [2003/11/03 12:46:00 | 000,073,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
    PRC - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe
    PRC - [2000/06/26 08:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    PRC - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2010/02/01 18:03:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    MOD - [2007/12/18 14:23:45 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/07/10 02:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/07/08 14:15:04 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2009/07/08 12:43:40 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV - [2009/07/08 12:11:52 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
    SRV - [2008/11/20 13:20:44 | 000,536,872 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2007/12/04 22:28:58 | 003,509,560 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2005/06/02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2005/05/16 18:45:56 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
    SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003/11/03 12:46:00 | 000,073,728 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
    SRV - [2003/01/10 18:13:04 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
    SRV - [2000/06/26 08:44:20 | 000,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
    SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
    DRV - [2009/07/08 12:44:20 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
    DRV - [2009/07/08 12:44:20 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
    DRV - [2009/07/08 12:44:20 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
    DRV - [2009/07/08 12:44:20 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
    DRV - [2009/07/08 12:43:46 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
    DRV - [2008/04/17 13:12:54 | 000,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/12/04 22:24:26 | 000,020,792 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys -- (SSKBFD)
    DRV - [2007/12/04 22:24:24 | 000,145,208 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
    DRV - [2007/12/04 22:24:24 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
    DRV - [2007/12/04 22:24:22 | 000,020,280 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
    DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
    DRV - [2005/05/16 18:44:30 | 000,768,712 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\css-dvp.sys -- (CSS DVP)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/19 12:33:44 | 000,020,016 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
    DRV - [2003/12/03 17:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrbsvsd.sys -- (cdrbsvsd)
    DRV - [2003/11/03 12:46:00 | 001,330,940 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2003/05/06 10:14:34 | 000,580,992 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
    DRV - [2003/03/04 13:56:26 | 000,145,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys -- (E100B) Intel(R)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys -- (sonypvs1)
    DRV - [2002/08/29 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
    DRV - [2002/04/01 15:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1065207&SearchSource=3&q="
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.5
    FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
    FF - prefs.js..extensions.enabledItems: isgdcreator@postspectacular.com:0.2.2
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
    FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.9
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.62
    FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:2.8
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/07 11:14:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/07 11:14:29 | 000,000,000 | ---D | M]
     
    [2008/06/26 13:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
    [2010/01/31 18:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions
    [2009/10/29 11:09:51 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2009/12/08 12:59:27 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/01/22 12:05:04 | 000,000,000 | ---D | M] (TwitterBar) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
    [2009/10/29 11:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
    [2009/11/08 19:59:35 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2008/04/04 19:51:08 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
    [2010/01/22 12:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/11/27 11:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
    [2009/11/06 08:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\firebug@software.joehewitt.com
    [2009/01/20 07:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\isgdcreator@postspectacular.com
    [2009/12/01 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\extensions\seo4firefox@seobook.com
    [2007/12/20 12:10:10 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\siteadvisor.gif
    [2007/12/20 12:10:10 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\siteadvisor.src
    [2007/07/23 13:13:21 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\siteadvisor.xml
    [2008/09/06 05:01:47 | 000,001,920 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\tdc-umbrella-phrase-research.xml
    [2008/07/29 11:01:01 | 000,001,281 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\twitter-search.xml
    [2007/08/04 11:59:39 | 000,005,593 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\bp0skr4h.default\searchplugins\wordtracker.xml
    [2010/01/31 18:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
     
    Hosts file not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\verizon\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\MNYSIDE.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: //@mail.mar@/ ([]msn in Local intranet)
    O15 - HKCU\..Trusted Domains: //@signup.mar@/ ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Key error.)
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (McAfee.com Operating System Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094572032838 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124649612031 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (DwnldGroupMgr Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab (McFreeScan Class)
    O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitch.com/msn/TrueInstallMSN.exe (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - C:\WINDOWS\System32\WRLogonNtf.dll (Webroot Software, Inc.)
    O24 - Desktop Components:0 () - http://sudbury.ma.us/services/InfoSys/custom/LemboRetirementFadgenInstallment2004Jan22/P1010061.JPG
    O24 - Desktop Components:1 () - http://s.deviantart.com/styles/blank.png
    O24 - Desktop Components:2 (My Current Home Page) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O34 - HKLM BootExecute: (SsiEfr.e) -  File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010/02/01 18:03:04 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/02/01 17:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/02/01 08:29:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/02/01 08:27:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/02/01 08:27:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/02/01 08:27:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/02/01 08:27:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/02/01 08:25:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/01/31 12:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Desktop\gmer
    [2010/01/31 11:26:55 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Dad\Desktop\ATF-Cleaner.exe
    [2010/01/31 11:23:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/31 11:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/01/31 11:19:54 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Documents and Settings\Dad\Desktop\erunt-setup.exe
    [2010/01/30 17:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/01/30 17:29:51 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe
    [2010/01/28 18:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Malwarebytes
    [2010/01/28 18:33:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/28 18:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/28 18:33:31 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/28 18:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/28 18:31:51 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Dad\Desktop\mbam-setup.exe
    [2010/01/27 07:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/01/27 07:24:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2010/01/27 07:24:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/01/27 07:24:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/01/27 07:24:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/01/12 14:23:41 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
    [2009/08/07 11:12:35 | 008,050,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.5.2.exe
    [2009/02/06 08:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2008/12/29 17:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008/11/12 18:20:31 | 000,487,600 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe
    [2008/11/03 16:41:42 | 003,520,552 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
    [2008/08/12 21:11:00 | 022,441,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
    [2008/07/04 11:08:41 | 007,496,920 | ---- | C] (Mozilla) -- C:\Program Files\Firefox%20Setup%203.0.exe
    [2008/06/26 13:28:43 | 007,496,920 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.exe
    [2008/06/07 15:55:33 | 001,495,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
    [2008/06/07 15:54:53 | 000,185,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\uninstall_flash_player.exe
    [2008/03/07 00:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/03/07 00:12:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/03/07 00:07:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Webroot
    [2008/03/07 00:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
    [2007/10/24 13:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2007/02/09 10:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    [2006/12/12 08:07:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2006/05/03 21:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Webroot
    [2006/02/02 22:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2006/01/18 19:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2005/04/11 19:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2004/01/22 19:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010/02/01 18:03:06 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
    [2010/02/01 17:59:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    [2010/02/01 17:28:05 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1366901623-1932387853-726740026-1007UA.job
    [2010/02/01 13:33:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/02/01 13:28:47 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/02/01 13:16:57 | 003,842,807 | R--- | M] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe
    [2010/02/01 12:28:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1366901623-1932387853-726740026-1007Core.job
    [2010/02/01 09:36:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/02/01 08:40:14 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/02/01 08:39:39 | 000,030,445 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2010/02/01 08:37:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/02/01 08:37:55 | 3891,318,784 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/01 08:29:57 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/02/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
    [2010/01/31 13:24:11 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Dad\ntuser.dat
    [2010/01/31 12:41:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\gmer.zip
    [2010/01/31 12:33:37 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/01/31 12:02:39 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Dad\Desktop\ATF-Cleaner.exe
    [2010/01/31 11:21:47 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\NTREGOPT.lnk
    [2010/01/31 11:21:47 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\ERUNT.lnk
    [2010/01/31 11:19:55 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Documents and Settings\Dad\Desktop\erunt-setup.exe
    [2010/01/30 17:31:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\HijackThis.lnk
    [2010/01/30 17:29:52 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Dad\Desktop\HJTInstall.exe
    [2010/01/29 17:26:30 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dad\NTUSER.INI
    [2010/01/28 18:33:52 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/28 18:32:03 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Dad\Desktop\mbam-setup.exe
    [2010/01/27 18:44:38 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\My Sharing Folders.lnk
    [2010/01/26 22:01:57 | 000,091,713 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Ed Shahzade.pdf
    [2010/01/21 14:02:25 | 000,102,256 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\375D9BC5-4829-47EC-BF3B-39B0DCB5A8B6-8850-IF.tif
    [2010/01/18 11:17:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/01/18 11:17:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/01/16 21:21:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/15 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
    [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
     
    Don't blame me, I voted for Scott Brown

    Offline BlueTheDog

    • Bronze Member
    • Posts: 10
    Re: [In Progress] Redirected Google searches/DCOM Countdown HiJackThis Log File
    « Reply #12 on: February 01, 2010, 05:56:43 pm »
    OTL.txt Log Part 2

    ========== Files Created - No Company Name ==========
     
    [2010/02/01 08:29:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/02/01 08:29:50 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/02/01 08:27:21 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/02/01 08:27:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/02/01 08:27:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/02/01 08:27:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/02/01 08:27:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/02/01 07:22:11 | 003,842,807 | R--- | C] () -- C:\Documents and Settings\Dad\Desktop\Combo-Fix.exe
    [2010/01/31 12:41:32 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\gmer.zip
    [2010/01/31 12:33:37 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\dds.scr
    [2010/01/31 11:21:47 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\NTREGOPT.lnk
    [2010/01/31 11:21:47 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\ERUNT.lnk
    [2010/01/30 17:30:14 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\HijackThis.lnk
    [2010/01/28 18:33:52 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/26 22:01:57 | 000,091,713 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Ed Shahzade.pdf
    [2010/01/21 14:02:22 | 000,102,256 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\375D9BC5-4829-47EC-BF3B-39B0DCB5A8B6-8850-IF.tif
    [2010/01/18 11:17:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
    [2010/01/18 11:17:24 | 000,000,232 | -H-- | C] () -- C:\sqmdata09.sqm
    [2009/12/02 11:30:24 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\SharedSettings.ccs
    [2009/08/03 16:09:21 | 000,110,461 | ---- | C] () -- C:\Program Files\mortgagecommitment letter8-09.pdf
    [2009/07/23 12:01:51 | 001,615,732 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
    [2009/02/23 11:47:36 | 002,160,606 | ---- | C] () -- C:\Program Files\TweetDeck_0_21_5.air
    [2008/12/10 23:18:51 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe
    [2008/08/21 18:14:06 | 000,002,539 | ---- | C] () -- C:\Program Files\slogan-pop.jpg
    [2008/08/02 15:55:28 | 000,523,013 | ---- | C] () -- C:\Program Files\MarketSamurai.0.50.air
    [2008/07/19 13:51:06 | 005,106,496 | ---- | C] () -- C:\Program Files\jing_setup.exe
    [2008/07/19 13:04:07 | 001,364,995 | ---- | C] () -- C:\Program Files\CamStudio20.exe
    [2008/06/25 13:12:47 | 000,031,870 | ---- | C] () -- C:\Program Files\BabeRuthProgramAds6-2008pdf.pdf
    [2008/06/19 21:39:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2008/06/07 15:38:00 | 042,283,226 | ---- | C] () -- C:\Program Files\flash_player_update6_flash9.zip
    [2007/07/18 17:39:33 | 000,000,191 | ---- | C] () -- C:\WINDOWS\ContentComposer.ini
    [2007/07/18 17:35:15 | 000,000,921 | ---- | C] () -- C:\WINDOWS\ccliteinst.ini
    [2007/05/13 08:25:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/02/06 22:43:28 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DeskToppers.ini
    [2006/05/04 12:15:13 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/05/03 21:38:51 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\islzma.dll
    [2006/05/03 21:38:51 | 000,026,424 | ---- | C] () -- C:\WINDOWS\System32\wrlzma.dll
    [2006/05/03 21:38:44 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2006/05/03 21:38:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2006/04/30 06:45:19 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Dad.ini
    [2006/04/01 15:27:47 | 000,000,561 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2006/03/25 21:50:49 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2006/02/25 14:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2006/01/13 17:55:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\CTACD.INI
    [2005/04/17 08:52:31 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\mcrtl32(3).dll
    [2005/01/27 15:04:52 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\ViewerApp.dat
    [2005/01/27 14:45:49 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2004/12/03 19:34:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
    [2004/11/05 20:29:05 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2004/02/04 15:18:40 | 000,003,851 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2004/02/03 18:50:08 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\fusioncache.dat
    [2004/01/22 20:03:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/01/22 19:56:04 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2004/01/22 19:55:50 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2004/01/22 19:55:50 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2004/01/22 19:55:50 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2004/01/22 19:55:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2004/01/22 19:55:50 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2004/01/22 19:55:19 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2004/01/22 19:54:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2004/01/22 19:50:47 | 000,000,891 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/22 19:35:27 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/22 19:35:13 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/01/22 19:21:34 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2002/09/30 06:10:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
    [2000/01/27 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
     
    ========== LOP Check ==========
     
    [2006/02/25 14:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2005/11/12 17:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2007/06/29 15:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2006/03/25 23:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESPN
    [2006/04/21 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
    [2006/10/01 21:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
    [2005/11/12 17:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    [2007/04/18 23:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/22 12:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2008/11/25 08:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2009/12/02 11:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\CoffeeCup Software
    [2009/04/07 20:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
    [2008/04/13 09:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
    [2007/05/01 22:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\eBookPro6
    [2009/12/08 12:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FileZilla
    [2008/08/30 12:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FireShot
    [2004/11/03 20:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Jasc
    [2004/02/07 16:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Leadertech
    [2008/08/02 15:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2008/09/30 18:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\MSNInstaller
    [2009/06/16 08:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\RayV
    [2007/08/07 22:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\SecondLife
    [2007/12/24 19:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\StomperScrutinizer.80D30D081DF260F3E4CECC0C2A6ADDA2F74D545F.1
    [2008/09/06 16:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\StumbleUpon
    [2009/02/23 11:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
    [2007/04/18 23:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Viewpoint
    [2009/03/09 13:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\WebEx
    [2007/02/08 17:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\WholeSecurity
    [2010/02/01 17:59:01 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    [2010/01/15 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
    [2010/02/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad\My Documents\I made this PhotoShow for you!.email: SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad\My Documents\Edward'sANStoINTS 2-25-04.zip: SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dad\My Documents\DennisTo.txt: SummaryInformation
    @Alternate Data Stream - 4870 bytes -> C:\WINDOWS\KB842773.log:ykzunz
    @Alternate Data Stream - 3567 bytes -> C:\WINDOWS\KB873339.log:qlrzpc
    @Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Dad\My Documents\US shaped Flag avatar version.jpg: SummaryInformation
    @Alternate Data Stream - 11736 bytes -> C:\WINDOWS\KB840987.log:fjgptp
    < End of report >

BlueTheDog
    Re: [In Progress] Redirected Google searches/DCOM Countdown HiJackThis Log File
    « Reply #13 on: February 01, 2010, 05:57:35 pm »
    Extras.txt

    OTL Extras logfile created on: 2/1/2010 6:05:15 PM - Run 1
    OTL by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\Dad\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 45.13 Gb Free Space | 60.62% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: DJZ33641
    Current User Name: Dad
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .hta [@ = htafile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
    "C:\Program Files\MSN\MSNCoreFiles\msn.exe" = C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Enabled:msn -- (Microsoft Corporation)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
    "C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath  -- (Skype Technologies S.A.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
     
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
    "{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
    "{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}" = Picture Package
    "{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online
    "{25EF00BF-F17B-11D6-88EA-000476CD2443}" = Verizon Broadband Toolbar
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
    "{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
    "{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
    "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
    "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
    "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
    "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
    "{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
    "{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
    "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
    "{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
    "{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{697159AA-CB93-9F0F-6628-45EED03562F4}" = twhirl
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
    "{6E19B918-2820-74A9-3CE0-9BAD5E1D360C}" = TweetDeck
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{7EC96FCD-0C12-46D3-988A-FB802F138BEB}" = Jing
    "{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
    "{7EFADE00-CB20-3211-9B8E-A1F88981E519}" = Seesmic Desktop
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
    "{90A38975-8780-41EB-8483-5FFE82526859}" = Microsoft Phishing Filter Add-in for MSN Search Toolbar
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
    "{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A7328032-1BD3-9180-9C0C-4492B2E6CC95}" = Market Samurai
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
    "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
    "{B4B5AD48-8D34-41D3-BD8A-8A10BD9BDED3}_is1" = Spy Sweeper for MSN
    "{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
    "{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CB239B8F-88E5-7545-833D-8501F525FAA9}" = StomperScrutinizer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
    "{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
    "{D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
    "{EA72F288-86BA-426B-B57B-83B15E95C917}" = Microsoft  File Transfer Manager
    "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F330A4C0-802E-11D5-8311-0050DABBB21D}" = OnDVD
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "America Online us" = America Online (Choose which version to remove)
    "AolCoach" = AOL Coach Version 1.0(Build:20030807.3)
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "CamStudio" = CamStudio
    "DellSupport" = Dell Support 5.0.0 (766)
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla" = FileZilla (remove only)
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
    "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
    "InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
    "InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
    "InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
    "InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
    "InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
    "InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
    "InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
    "MS Access 97 SP2" = MS Access 97 SP2
    "MSC" = McAfee SecurityCenter
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealPlayer 6.0" = RealPlayer
    "Rp Scan and Clean {D8C9328A-3587-439F-9458-226158211972}" = Verizon PC Security Checkup
    "Shockwave" = Shockwave
    "StomperScrutinizer.80D30D081DF260F3E4CECC0C2A6ADDA2F74D545F.1" = StomperScrutinizer
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "Test My Hardware_is1" = Test My Hardware 2.1
    "Verizon Online Help and Support" = Verizon Online Help and Support
    "VZBB" = Verizon Broadband Toolbar
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Live Toolbar" = Windows Live Toolbar
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2003Setup" = Microsoft Works 2003 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Draw 4 App" = Draw 4 App
    "FileZilla Client" = FileZilla Client 3.3.0.1
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "MilitaryGame App" = MilitaryGame App
    "SwingSet2 App" = SwingSet2 App
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 1/29/2010 5:18:30 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x0270f7ac.
     
    Error - 1/29/2010 5:51:07 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x026cf7a2.
     
    Error - 1/29/2010 6:22:53 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00c5f7a2.
     
    Error - 1/29/2010 6:49:18 PM | Computer Name = DJZ33641 | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error - 1/29/2010 7:00:23 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x0290f7aa.
     
    Error - 1/29/2010 11:11:16 PM | Computer Name = DJZ33641 | Source = Microsoft Office 10 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Word.
     
    Error - 1/29/2010 11:11:29 PM | Computer Name = DJZ33641 | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 10.0.6856.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.
     
    Error - 1/31/2010 12:22:15 PM | Computer Name = DJZ33641 | Source = Microsoft Office 10 | ID = 2001
    Description = Rejected Safe Mode action : Microsoft Word.
     
    Error - 1/31/2010 2:05:09 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x0290f7ac.
     
    Error - 1/31/2010 2:34:04 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x0296f7a3.
     
    [ System Events ]
    Error - 1/31/2010 1:59:27 PM | Computer Name = DJZ33641 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.
     
    Error - 1/31/2010 1:59:27 PM | Computer Name = DJZ33641 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
     a page  file on the boot partition and that is large enough to contain all physical
    memory.
     
    Error - 1/31/2010 2:05:18 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
    Description = The DCOM Server Process Launcher service terminated unexpectedly.
     It has done this 1 time(s).  The following corrective action will be taken in 60000
     milliseconds: Reboot the machine.
     
    Error - 1/31/2010 2:05:18 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7034
    Description = The Terminal Services service terminated unexpectedly.  It has done
     this 1 time(s).
     
    Error - 1/31/2010 2:24:01 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
    Description = The McAfee Network Agent service terminated unexpectedly.  It has
    done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
     Restart the service.
     
    Error - 1/31/2010 2:24:02 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7034
    Description = The Canon Camera Access Library 8 service terminated unexpectedly.
      It has done this 1 time(s).
     
    Error - 1/31/2010 2:28:23 PM | Computer Name = DJZ33641 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.
     
    Error - 1/31/2010 2:28:23 PM | Computer Name = DJZ33641 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
     a page  file on the boot partition and that is large enough to contain all physical
    memory.
     
    Error - 1/31/2010 2:34:12 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
    Description = The DCOM Server Process Launcher service terminated unexpectedly.
     It has done this 1 time(s).  The following corrective action will be taken in 60000
     milliseconds: Reboot the machine.
     
    Error - 1/31/2010 2:34:12 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7034
    Description = The Terminal Services service terminated unexpectedly.  It has done
     this 1 time(s).
     
     
    < End of report >
    Don't blame me, I voted for Scott Brown
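The "DCOM countdown" in the thread title is visible in the System Events of the report above: Service Control Manager event 7031 records the DCOM Server Process Launcher service terminating unexpectedly, with "Reboot the machine" in 60000 milliseconds as the configured recovery action. That recovery action is what produces the system-initiated shutdown countdown (the one that shutdown.exe -a aborts), and on this machine each 7031 is preceded by a few seconds by an Application Error 1000 for svchost.exe with "faulting module unknown". The Python script below is an added example, not part of the original thread and not OTL's own code: it parses event lines in the OTL "Last 10 Event Log Errors" format, keeps only the 7031 entries whose recovery action is a reboot, and pairs each with the svchost.exe fault that preceded it inside a short window. The sample lines embedded in it are constructed to mirror the format of the log above; the 30-second correlation window is an assumption chosen to fit the gaps seen in that log.

```python
"""Correlate OTL event-log lines: svchost.exe faults followed by a DCOM Server
Process Launcher crash whose SCM recovery action is to reboot the machine.

Added example for the forum thread; not part of the original post or of OTL.
"""
import re
from datetime import datetime, timedelta

# Constructed sample in the OTL report shape: an "Error - ..." header line,
# then a "Description = ..." that may wrap onto further (indented) lines.
SAMPLE_LOG = """\
[ Application Events ]
Error - 1/31/2010 2:05:09 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0290f7ac.

Error - 1/31/2010 2:34:04 PM | Computer Name = DJZ33641 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0296f7a3.

[ System Events ]
Error - 1/31/2010 2:05:18 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
 It has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Reboot the machine.

Error - 1/31/2010 2:24:01 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly.  It has
done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.

Error - 1/31/2010 2:34:12 PM | Computer Name = DJZ33641 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
 It has done this 1 time(s).  The following corrective action will be taken in 60000
 milliseconds: Reboot the machine.
"""

# Header line of one OTL event entry.
HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_events(text):
    """Turn an OTL event excerpt into dicts; wrapped description lines are re-joined."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):      # blank line or "[ ... Events ]" banner
            continue
        m = HEADER.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            ev["id"] = int(ev["id"])
            ev["desc"] = ""
            events.append(ev)
        elif events:                               # continuation of the last description
            prefix = "Description = "
            if line.startswith(prefix):
                line = line[len(prefix):]
            events[-1]["desc"] = (events[-1]["desc"] + " " + line).strip()
    return events


def find_reboot_countdowns(events):
    """SCM 7031 entries whose configured recovery action reboots the machine."""
    return [e for e in events
            if e["source"] == "Service Control Manager" and e["id"] == 7031
            and "Reboot the machine" in e["desc"]]


def correlate(events, window=timedelta(seconds=30)):
    """Pair each reboot-triggering service crash with the svchost.exe fault
    (event 1000) that preceded it within `window` (assumed 30 s).

    Returns a list of (service name, fault address or None).
    """
    faults = [e for e in events
              if e["id"] == 1000 and "Faulting application svchost.exe" in e["desc"]]
    out = []
    for crash in find_reboot_countdowns(events):
        svc = re.search(r"The (.+?) service terminated", crash["desc"]).group(1)
        prior = [f for f in faults if timedelta(0) <= crash["ts"] - f["ts"] <= window]
        addr = None
        if prior:
            addr = re.search(r"fault address (0x[0-9a-f]+)", prior[-1]["desc"]).group(1)
        out.append((svc, addr))
    return out


if __name__ == "__main__":
    for svc, addr in correlate(parse_events(SAMPLE_LOG)):
        print(f"{svc} crashed; preceding svchost.exe fault at {addr or 'n/a'}")
```

Run against the constructed sample it reports two reboot countdowns, each preceded by an svchost.exe fault eight or nine seconds earlier; the McAfee Network Agent 7031 is ignored because its recovery action only restarts the service. To use it on a real OTL report, paste the "Last 10 Event Log Errors" section in place of SAMPLE_LOG.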

    Offline Maurice Naggar

    • Malware Removal Staff
    • Silver Member
    • Posts: 1150
    Re: [In Progress] Redirected Google searches/DCOM Countdown HiJackThis Log File
    « Reply #14 on: February 02, 2010, 06:41:08 am »
    Older versions of Adobe Reader pose a potential security hazard.
    De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.
    Also de-install ESET online.
     
    While still in Add-or-Remove Programs, also de-install (remove) the following old Java versions. Just the ones I list:
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Exit / close Control Panel

    Get the latest version of Adobe Reader from http://www.adobe.com/products/acrobat/readstep2.html

    I see that you are clear of your original issues.
    If you have a problem with these steps, or something does not quite work here, do let me know.

    The following few steps will remove tools we used; followed by advice on staying safer.

    We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.
    The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
    Note the space after exe and before the slash mark.
    The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.
    • Click Start, then click Run and type in
    Code:
    CMD
      In the command box that opens, type or copy/paste
    c:\documents and settings\Dad\Desktop\Combo-Fix.exe /uninstall
    and then press the ENTER key.
    Close command prompt.

    • Please double-click OTL.exe  to run it.
    • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.


    • You should check on your McAfee & Spysweeper and turn them back on, if you have not already.


    • Delete Gmer.zip, Gmer.exe & Gmer.txt if still present.


    • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.


    • Check in at Windows Update and install any Critical Updates offered.

    • Download and Install Windows Defender by Microsoft (free) if you do not already have it:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D

    • Make certain that Automatic Updates is enabled.

    How to configure and use Automatic Updates in WinXP:
    http://support.microsoft.com/kb/306525


    See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
    That would help to keep your browser away from known spyware/malware sites.

    We are finished here. Best regards.
    ~Maurice Naggar
    MS-MVP (October 2002 - September 2010)