Unsolved

7 Posts

March 4th, 2010 19:00

Task Manager and Regedit disabled

I have found that I cannot open task manager or regedit. When I right-click on the task bar, Task Manager is greyed-out. Ctrl+Alt+Del displays a message "Task Manager has been disabled by your administrator".

 

When I type Regedit in the run command box, this error is displayed: "Registry editing has been disabled by your administrator."

 

I suspect malware in both cases. Can someone please advise me.

 

I tried following the help you provided to someone else, but I don't see KService in my HJT log. I have attached my log; please review and advise.

 

thanks,

Mike

 Malwarebytes' Anti-Malware 1.44
Database version: 3601
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/4/2010 9:29:23 PM
mbam-log-2010-03-04 (21-29-23).txt

Scan type: Quick Scan
Objects scanned: 118392
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:12 PM, on 3/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SkypeIEHelper Class - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Skype Toolbar for Internet Explorer - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra 'Tools' menuitem: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\toolbars\SKYPEF~1\SKYPE_~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0271171119331200) (0271171119331200mcinstcleanup) - Unknown owner - C:\DOCUME~1\MIKE\LOCALS~1\Temp\027117~1.EXE (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (WLTRYSVC) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9947 bytes
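As an added example (not code from the thread, from Malwarebytes or from the posters), here is a small Python parser for the MBAM 1.x log layout quoted above. It pulls each finding out of the "... Infected:" sections, maps the registry values MBAM reported (DisableTaskMgr, DisableRegistryTools and the Security Center *DisableNotify values) to the symptoms Mike describes, and flags anything logged as "No action taken", the outcome that appears in the second MBAM log later in the thread. The sample log embedded in the script is constructed to mirror the format; the user path and the file name in it are made up, and the value-to-symptom table is general Windows knowledge, not something MBAM prints.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for this thread; not Malwarebytes' code and not the posters'.
It parses the "... Infected:" sections of the log format seen in the thread
and explains which findings account for the reported symptoms.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the MBAM 1.44 layout seen in the thread. The profile
# path and file name are invented; the registry value names are the ones
# MBAM actually reported in the thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3845

Scan type: Quick Scan
Registry Data Items Infected: 3

Memory Processes Infected:
C:\Documents and Settings\USER\Local Settings\Temp\example.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Files Infected:
C:\Documents and Settings\USER\Local Settings\Temp\example.exe (Trojan.Downloader) -> No action taken.
"""

# Registry value name -> user-visible symptom when the value data is 1.
# General Windows behaviour (policy values), not part of MBAM's output.
POLICY_SYMPTOMS = {
    "DisableTaskMgr": "Task Manager blocked ('has been disabled by your administrator')",
    "DisableRegistryTools": "Registry Editor blocked ('Registry editing has been disabled')",
    "AntiVirusDisableNotify": "Security Center antivirus alerts silenced",
    "FirewallDisableNotify": "Security Center firewall alerts silenced",
    "UpdatesDisableNotify": "Security Center update alerts silenced",
}

# Section headers end in "Infected:" with nothing after the colon; the summary
# lines near the top ("... Infected: 3") therefore do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"                          # path or key (detection name)
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"    # registry data items only
    r" -> (?P<action>.+?)\.?$"                                        # what MBAM did with it
)


@dataclass
class Finding:
    section: str
    item: str
    family: str
    bad: Optional[str]
    good: Optional[str]
    action: str

    @property
    def remediated(self) -> bool:
        return self.action.startswith("Quarantined and deleted successfully")

    @property
    def value_name(self) -> str:
        # Last path component: the registry value name or the file name.
        return self.item.rsplit("\\", 1)[-1]


def parse_mbam_log(text: str) -> List[Finding]:
    """Return every detection line, tagged with the section it was listed under."""
    findings: List[Finding] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append(Finding(section, m["item"], m["family"], m["bad"], m["good"], m["action"]))
    return findings


def triage(findings: List[Finding]) -> Dict[str, list]:
    """Explain the symptoms and list what the scan left in place."""
    report: Dict[str, list] = {"symptoms": [], "running_malware": [], "unremediated": []}
    for f in findings:
        if f.section == "Registry Data Items Infected" and f.bad == "1":
            symptom = POLICY_SYMPTOMS.get(f.value_name)
            if symptom:
                report["symptoms"].append((f.value_name, symptom, f.remediated))
        elif f.section == "Memory Processes Infected":
            report["running_malware"].append(f.item)
        if not f.remediated:
            report["unremediated"].append((f.section, f.item, f.action))
    return report


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    for name, symptom, fixed in result["symptoms"]:
        print(f"{name}: {symptom} [{'removed' if fixed else 'STILL SET'}]")
    for section, item, action in result["unremediated"]:
        print(f"not remediated ({section}): {item} -> {action}")
```

The "No action taken" check is the useful part: the first log in the thread shows the policy values quarantined, while the second was saved before removal was applied, so the same detections are still live and the running process under Temp is still in memory. Re-running after the reboot MBAM asks for, as K27 instructs, and comparing the two logs with this kind of parser makes that difference obvious.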

 

2 Intern

1.5K Posts

March 8th, 2010 23:00

Hi

Welcome to the Dell Community Malware Removal Forum,

I'm K27 and I will be reviewing your logs for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

I will post back as soon as I have decided on the best course of action to take with your malware issues.

Thank you for your patience,
K27.

2 Intern

1.5K Posts

March 9th, 2010 12:00

mikesingh,

I know you already ran MBAM, but please follow these instructions:

  • Double click your Malwarebytes desktop icon
  • Click the UPDATE tab at the top
  • Scan for and install any updates it finds
  • Then choose the SCANNER tab and run a QUICK SCAN
  • Post the MBAM log results back to this thread


NOTE: If MBAM encounters a file that is hard to remove it will prompt for a delete on reboot, answer yes to this and once rebooted please run another scan and post that scan's log results along with the log results from before reboot which can be found under the LOGS tab of Malwarebytes.


I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE


Please COPY/PASTE the MBAM log and BOTH DDS logs back to this thread,
Thanks
K27.

7 Posts

March 9th, 2010 17:00

Malwarebytes' Anti-Malware 1.44
Database version: 3845
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/9/2010 8:04:01 PM
mbam-log-2010-03-09 (20-03-52).txt

Scan type: Quick Scan
Objects scanned: 126267
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
C:\Documents and Settings\MIKE\Local Settings\Temp\winkcjc.exe (Trojan.Downloader) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\MIKE\Local Settings\Temp\winkcjc.exe (Trojan.Downloader) -> No action taken.

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2005 5:22:50 AM
System Uptime: 3/9/2010 7:40:33 PM (1 hours ago)

Motherboard: Dell Inc. |  | 0FD369
Processor: Intel(R) Celeron(R) M processor         1.40GHz | Microprocessor | 1396/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 34 GiB total, 16.089 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP406: 6/21/2005 4:53:25 AM - Software Distribution Service 3.0
RP407: 7/12/2005 10:21:25 PM - Software Distribution Service 3.0
RP408: 7/12/2005 11:11:02 PM - Installed Lexmark Fax Solutions
RP409: 3/4/2010 10:56:37 PM - System Checkpoint

==== Installed Programs ======================

ABBYY FineReader 5.0 Sprint Plus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
Apple Software Update
ArcSoft Funhouse
ArcSoft PhotoBase 3
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
AVConverter 1.0
Conexant D110 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell System Restore
Dell Wireless WLAN Card
DellSupport
DFX 8 for Musicmatch
Digital Line Detect
Dual Mode Digital Camera 3.0M
Exterminate3
FAS for Peachtree by Sage
getPlus(R)_ocx
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
J2SE Runtime Environment 5.0 Update 10
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Lexmark 4200 Series
LG USB Drivers
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003 Runtime
Microsoft Office Basic Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Modem Helper
Move Networks Media Player for Internet Explorer
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Way Search Assistant
NetWaiting
NS Virtual DJ 6.0 Full
PC Matic 1.0.0.0
Peachtree Accounting 2007
Peachtree Complete Accounting 2007
PeachTree Signature Ready Forms
Pervasive Software PSQL v9.1 Client
Pervasive System Analyzer v9.1
Photo Click
Photo Story 3 for Windows
PowerDVD 5.5
QuickSet
RAW FILE CONVERTER LE
RF Wireless Mouse
Sage Software Integration Services
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype 3.2
Skype Plugin Manager
Skype Toolbar for Internet Explorer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Virtual DJ - Atomix Productions
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

3/4/2010 9:14:51 PM, information: Windows File Protection [64004]  - The protected system file regedit.exe could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0x800b0100 [No signature was present in the subject. ].
3/4/2010 9:13:02 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
3/4/2010 8:59:09 PM, information: Windows File Protection [64004]  - The protected system file regedit.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x800b0100 [No signature was present in the subject. ].

==== End Of File ===========================

 

 

DDS (Ver_09-12-01.01) - NTFSx86 
Run by MIKE at 20:13:48.38 on Tue 03/09/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.503.48 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Outdated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe Media Player\Adobe Media Player.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\DOCUME~1\MIKE\LOCALS~1\Temp\winkcjc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MIKE\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mDefault_Page_URL = hxxp://www.yahoo.com
mSearch Page =
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: SkypeIEHelper Class: {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Skype Toolbar for Internet Explorer: {b13721c7-f507-4982-b2e5-502a71474fed} - c:\program files\skype\toolbars\skype for internet explorer\skype_toolbar.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: My Skype™ Contacts: {029f4681-0900-4227-a3cb-52f1ed4a8529} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Start RF Wireless Mouse] c:\program files\rf wireless mouse\cm20.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6253\SiteAdv.exe
mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\adobem~1.lnk - c:\program files\adobe media player\Adobe Media Player.exe
StartupFolder: c:\docume~1\mike\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\toolbars\skypef~1\SKYPE_~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-2-14 201320]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-7-14 13824]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-2-14 359248]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-7-14 13696]
R3 dac970nt;dac970nt;\??\c:\windows\system32\drivers\etlklj.sys --> c:\windows\system32\drivers\etlklj.sys [?]
S3 0271171119331200mcinstcleanup;McAfee Application Installer Cleanup (0271171119331200);c:\docume~1\mike\locals~1\temp\027117~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\mike\locals~1\temp\027117~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-2-14 769352]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-2-14 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-2-14 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-2-14 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-2-14 40488]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys --> c:\windows\system32\drivers\phc700.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-1-20 159232]
S4 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [2007-1-11 77824]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-03-05 02:50:46 0 d-----w- c:\program files\Trend Micro
2010-03-01 17:35:04 102645961 ----a-w- c:\program files\Sage Software.zip

==================== Find3M  ====================

2010-01-18 16:22:35 177448 ----a-w- c:\documents and settings\mike\GoToAssistDownloadHelper.exe
2008-02-14 23:36:23 37768216 -c--a-w- c:\program files\corphome_13910_en-us_12m_r1.exe

============= FINISH: 20:14:33.73 ===============

2 Intern

1.5K Posts

March 10th, 2010 22:00

First I need you to go to:

  • Start (windows icon bottom left corner of screen)
  • Control panel
  • Add/Remove programs
  • look for

J2SE Runtime Environment 5.0 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
My Way Search Assistant

  • Uninstall
  • Reboot PC

    PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

    Please:
    • Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below): Anti Virus
      Anti Spyware
    • If you have trouble disabling your firewall, please post back before continuing which one you use and I will give you the instructions. (If it's a third-party firewall there should be an icon on your task bar by the clock; right-click that and choose Disable/Stop. If it's the Windows built-in firewall you should be able to disable it via Control Panel.)

    We will begin with ComboFix.exe. Please visit THIS webpage for download links, and instructions for running the tool:

    Combo-fix MUST be saved to your desktop before running the tool

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    When prompted to install the recovery console please make sure to do so, as this is a VERY IMPORTANT backup for Combo-fix (XP only).

    You will need to be connected to the net to install the recovery console; if you can not install it DO NOT run Combo-Fix,
    post back and we will install it manually.

    DO NOT mouse click when Combo-Fix is running as this will cause Combo-Fix to stall and it will not work as it should.

    Please include the C:\ComboFix.txt in your next reply for further review.

7 Posts

March 11th, 2010 19:00

ComboFix 10-03-11.02 - MIKE 03/11/2010  21:33:44.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.503.241 [GMT -5:00]
Running from: c:\documents and settings\MIKE\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\recycler\S-1-5-21-3884554459-3547116199-571271207-1003
C:\s
c:\windows\EventSystem.log
c:\windows\system32\18467.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Legacy_NDISRD
-------\Service_dac970nt


(((((((((((((((((((((((((   Files Created from 2010-02-12 to 2010-03-12  )))))))))))))))))))))))))))))))
.

2010-03-05 02:50 . 2010-03-05 02:50 -------- d-----w- c:\program files\Trend Micro
2010-03-01 17:35 . 2010-03-01 17:36 102645961 ----a-w- c:\program files\Sage Software.zip

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 02:51 . 2006-06-08 00:41 -------- d-----w- c:\documents and settings\MIKE\Application Data\Skype
2010-03-12 02:12 . 2005-06-21 21:48 -------- d-----w- c:\program files\Java
2010-03-10 00:55 . 2009-12-13 23:28 79488 ----a-w- c:\documents and settings\MIKE\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-05 02:40 . 2005-06-22 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 04:10 . 2010-01-22 04:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-22 03:51 . 2005-08-05 23:57 -------- d-----w- c:\program files\VirtualDJ
2010-01-21 02:19 . 2010-01-21 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-01-21 02:06 . 2010-01-21 02:06 -------- d-----w- c:\documents and settings\MIKE\Application Data\PCPitstop
2010-01-21 02:06 . 2010-01-21 02:05 -------- d-----w- c:\program files\PCPitstop
2010-01-20 02:41 . 2008-02-14 23:41 -------- d-----w- c:\documents and settings\MIKE\Application Data\SiteAdvisor
2010-01-18 16:22 . 2010-01-18 16:22 177448 ----a-w- c:\documents and settings\MIKE\GoToAssistDownloadHelper.exe
2010-01-07 21:07 . 2005-06-22 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2005-06-22 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-02-14 23:36 . 2008-02-14 23:36 37768216 -c--a-w- c:\program files\corphome_13910_en-us_12m_r1.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-11 23600680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 122880]
"Start RF Wireless Mouse"="c:\program files\RF Wireless Mouse\cm20.exe" [2002-01-31 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 200704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 241664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 208896]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1470464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-05-26 326720]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 652624]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 36640]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 210328]

c:\documents and settings\MIKE\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-14 261120]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-7-15 2445312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-21 94208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\PROGRA~1\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe"=
"c:\\Program Files\\palmOne\\register.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\PROGRA~1\\mcafee\\msc\\mcuimgr.exe"=
"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
"c:\\Program Files\\RF Wireless Mouse\\cm20.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe"=
"c:\\Program Files\\Sage Software\\Peachtree\\peachw.exe"=
"c:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\DOCUME~1\\MIKE\\LOCALS~1\\Temp\\winrqtvq.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 12:01 AM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 12:02 AM 13696]
S3 0271171119331200mcinstcleanup;McAfee Application Installer Cleanup (0271171119331200);c:\docume~1\MIKE\LOCALS~1\Temp\027117~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\MIKE\LOCALS~1\Temp\027117~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\DRIVERS\phc700.sys --> c:\windows\system32\DRIVERS\phc700.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/20/2010 9:05 PM 159232]
S4 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2007 7:07 PM 77824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
.
Contents of the 'Scheduled Tasks' folder

2008-02-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-14 17:32]

2008-05-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-14 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-DellSupport - c:\program files\Dell Support\DSAgnt.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-11 21:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(496)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6253\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\RF Wireless Mouse\NoEdge.dll
c:\program files\RF Wireless Mouse\ASDll.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\McAfee\VirusScan\scriptsn.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark 4200 Series\lxbmbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\docume~1\MIKE\LOCALS~1\Temp\winrqtvq.exe
.
**************************************************************************
.
Completion time: 2010-03-11 21:59:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-12 02:59

Pre-Run: 18,583,400,448 bytes free
Post-Run: 18,394,439,680 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9D0A478BBEE9BE823795AE38EB63BC53

2 Intern

1.5K Posts

March 15th, 2010 00:00

mikesingh,

From now on, whenever you post logs, please go to Format on the toolbar of Notepad and please make sure Word Wrap is switched OFF, as it makes your logs very difficult to read otherwise.

PLEASE BE SURE TO DISABLE ALL PROTECTIVE SOFTWARE THAT IS RUNNING ON YOUR MACHINE BEFORE RUNNING COMBO-FIX, SO THAT COMBO-FIX IS NOT HINDERED IN ITS REMOVAL PROCESS

Please:

  • Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)
  • Anti Virus
    Anti Spyware
  • If you have trouble disabling your firewall, please post back before continuing which one you use and I will give you the instructions. (If it's a third-party firewall there should be an icon on your task bar by the clock; right-click that and choose Disable/Stop. If it's the Windows built-in firewall you should be able to disable it via Control Panel.)

Next we are going to run Combo-Fix in a slightly different way

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the code box below into it:

Code:

KillAll::

Driver::
dac970nt

File::
c:\windows\system32\drivers\etlklj.sys
c:\docume~1\MIKE\LOCALS~1\Temp\winrqtvq.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\DOCUME~1\\MIKE\\LOCALS~1\\Temp\\winrqtvq.exe"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
"DisableRegistryTools"=-

SysRst::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thanks
K27.

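The indicators this thread turns on (the DisableTaskMgr / DisableRegistryTools policy values in the DDS log, the Security Center override and DisableNotify values, the Windows Firewall switched off, and a random-named executable in the user's Temp folder that was both running and whitelisted in the firewall) can be pulled out of a posted log mechanically. The script below is an added example, not part of the thread and not code from the DDS or ComboFix authors; it assumes only the two line formats visible in the logs above (DDS "uPolicies-…: Name = 1 (0x1)" lines and bare process paths, and ComboFix's REGEDIT4-style "Reg Loading Points" section). It generalises a little beyond the thread by also checking Run keys for Temp-folder paths. The sample input is constructed from lines copied out of the posted logs, and all function and constant names are the example's own. The second function renders the flagged registry values as the Registry:: block of a CFScript, using the "=-" delete syntax K27's script uses above, so the result can be compared against that script.

```python
"""Triage helper for the lockout / Security Center / firewall indicators seen in
DDS and ComboFix logs.  Added example; not part of the thread or of either tool."""
import re
from dataclasses import dataclass

# DDS prefixes (assumed from the log): u = current user, m = local machine, d = default user.
DDS_HIVE = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE", "d": "HKEY_USERS\\.DEFAULT"}
DDS_POLICY_RE = re.compile(r"^([umd])Policies-(\w+):\s*(\w+)\s*=\s*(.*)$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"=value (REGEDIT4 style)
PROCESS_RE = re.compile(r"^[a-z]:\\\S.*\.exe$", re.I)           # a bare path from a process list
# A path inside a user's Temp folder, in 8.3 (DOCUME~1\...\LOCALS~1\Temp) or long form.
TEMP_PATH_RE = re.compile(
    r"(docume~1|documents and settings)\\[^\\]+\\(locals~1|local settings)\\temp\\", re.I)

LOCKOUT_VALUES = {"DisableTaskMgr", "DisableRegistryTools"}
SECURITY_CENTER_VALUES = {"AntiVirusOverride", "FirewallOverride", "DisableMonitoring",
                          "AntiVirusDisableNotify", "FirewallDisableNotify",
                          "UpdatesDisableNotify", "UacDisableNotify"}


@dataclass
class Finding:
    key: str      # registry key, or "(process)" for a running-process line
    name: str     # value name, or the executable path
    value: str
    reason: str


def _is_set(value):
    """True for a non-zero value written as '1 (0x1)', 'dword:00000001' or '1'."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16) != 0
    parts = v.split()
    return bool(parts) and parts[0] != "0"


def _classify(findings, key, name, value):
    k = key.lower()
    if name in LOCKOUT_VALUES and "policies\\system" in k and _is_set(value):
        findings.append(Finding(key, name, value, "locks the user out of Task Manager / Regedit"))
    elif name in SECURITY_CENTER_VALUES and "security center" in k and _is_set(value):
        findings.append(Finding(key, name, value, "silences a Security Center warning"))
    elif name == "EnableFirewall" and "firewallpolicy" in k and not _is_set(value):
        findings.append(Finding(key, name, value,
                                "Windows Firewall is off (confirm a third-party firewall covers this)"))
    elif "authorizedapplications" in k and TEMP_PATH_RE.search(name.replace("\\\\", "\\")):
        findings.append(Finding(key, name, value, "firewall exception for an executable in a user Temp folder"))
    elif "currentversion\\run" in k and TEMP_PATH_RE.search(value):
        findings.append(Finding(key, name, value, "autostart entry pointing into a user Temp folder"))


def triage(lines):
    """Return the suspicious entries found in DDS / ComboFix log lines, in log order."""
    findings, current_key = [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DDS_POLICY_RE.match(line)
        if m:
            hive, area, name, value = m.groups()
            key = DDS_HIVE[hive] + "\\software\\microsoft\\windows\\currentversion\\policies\\" + area
            _classify(findings, key, name, value)
        elif line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]                       # start of a REGEDIT4 section
        elif current_key and (m := REG_VALUE_RE.match(line)):
            _classify(findings, current_key, m.group(1), m.group(2))
        elif PROCESS_RE.match(line) and TEMP_PATH_RE.search(line):
            findings.append(Finding("(process)", line, "", "process running from a user Temp folder"))
    return findings


def cfscript_registry_section(findings):
    """Render the Registry:: block of a ComboFix CFScript (the "=-" delete syntax used
    in the thread) for every flagged registry value; process findings are skipped."""
    by_key = {}
    for f in findings:
        if not f.key.startswith("("):
            by_key.setdefault(f.key, []).append(f.name)
    out = ["Registry::"]
    for key, names in by_key.items():
        out.append("[" + key + "]")
        out.extend('"' + n + '"=-' for n in names)
    return "\n".join(out)


# Constructed sample: lines copied from the DDS and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
uPolicies-explorer: NoActiveDesktop = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
C:\DOCUME~1\MIKE\LOCALS~1\Temp\winkcjc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\DOCUME~1\\MIKE\\LOCALS~1\\Temp\\winrqtvq.exe"=
""".strip().splitlines()

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.reason}: {f.name} ({f.key})")
    print(cfscript_registry_section(found))
```

Run against a real log, feed the whole file to triage() line by line; the process check deliberately ignores service lines such as the McAfee installer cleanup entry (which also lives in Temp but is listed as a service), and NoActiveDesktop and EnableLUA are left alone because they are not lockout values. Note that the Temp executable in this thread changed name between logs (winkcjc.exe, winrqtvq.exe, dtra.exe), which is why the check keys on the folder rather than on a file name.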
7 Posts

March 15th, 2010 18:00

ComboFix 10-03-15.04 - MIKE 03/15/2010  19:53:30.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.503.212 [GMT -4:00]
Running from: c:\documents and settings\MIKE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MIKE\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
 * Created a new restore point

FILE ::
"c:\docume~1\MIKE\LOCALS~1\Temp\winrqtvq.exe"
"c:\windows\system32\drivers\etlklj.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAC970NT
-------\Service_dac970nt


(((((((((((((((((((((((((   Files Created from 2010-02-16 to 2010-03-16  )))))))))))))))))))))))))))))))
.

2010-03-05 02:50 . 2010-03-05 02:50 -------- d-----w- c:\program files\Trend Micro
2010-03-01 17:35 . 2010-03-01 17:36 102645961 ----a-w- c:\program files\Sage Software.zip

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 00:06 . 2006-06-08 00:41 -------- d-----w- c:\documents and settings\MIKE\Application Data\Skype
2010-03-12 02:12 . 2005-06-21 21:48 -------- d-----w- c:\program files\Java
2010-03-10 00:55 . 2009-12-13 23:28 79488 ----a-w- c:\documents and settings\MIKE\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-05 02:40 . 2005-06-22 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 04:10 . 2010-01-22 04:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-22 03:51 . 2005-08-05 23:57 -------- d-----w- c:\program files\VirtualDJ
2010-01-21 02:19 . 2010-01-21 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-01-21 02:06 . 2010-01-21 02:06 -------- d-----w- c:\documents and settings\MIKE\Application Data\PCPitstop
2010-01-21 02:06 . 2010-01-21 02:05 -------- d-----w- c:\program files\PCPitstop
2010-01-20 02:41 . 2008-02-14 23:41 -------- d-----w- c:\documents and settings\MIKE\Application Data\SiteAdvisor
2010-01-18 16:22 . 2010-01-18 16:22 177448 ----a-w- c:\documents and settings\MIKE\GoToAssistDownloadHelper.exe
2010-01-07 21:07 . 2005-06-22 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2005-06-22 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2010-01-05 10:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:14 . 2005-06-21 21:27 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 12:58 . 2004-08-10 18:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2008-02-14 23:36 . 2008-02-14 23:36 37768216 -c--a-w- c:\program files\corphome_13910_en-us_12m_r1.exe
.

(((((((((((((((((((((((((((((((((((((((   System Restore   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

07/10/2009 04:03 PM 1191520 c:\2f2af2f17dbbe5d5a57babc867def1fd\update\iesetup.exe
07/10/2009 04:03 PM 1191520 \RP407\A0063952.exe

05/27/2004 09:23 AM 315392 c:\dell\ATAPI.EXE
05/27/2004 09:23 AM 315392 \RP407\A0063875.EXE
05/27/2004 09:23 AM 315392 \RP415\A0068352.EXE

06/19/2005 02:43 PM 307200 c:\dell\DellHlpr\OOSE.exe
06/19/2005 02:43 PM 307200 \RP407\A0063877.exe
06/19/2005 02:43 PM 307200 \RP415\A0068359.exe

07/14/1999 11:44 PM 13043 c:\dell\DOSXPRES.EXE
07/14/1999 11:44 PM 13043 \RP407\A0063880.EXE
03/04/2010 11:56 PM 0 \RP408
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-05-11 23600680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 684032]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 122880]
"Start RF Wireless Mouse"="c:\program files\RF Wireless Mouse\cm20.exe" [2002-01-31 131072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 200704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 241664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 208896]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-16 1470464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-05-26 326720]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 652624]
"SiteAdvisor"="c:\program files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 36640]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 210328]

c:\documents and settings\MIKE\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-14 261120]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-7-15 2445312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-6-21 94208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\PROGRA~1\\McAfee.com\\Agent\\mcagent.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE"=
"c:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe"=
"c:\\Program Files\\palmOne\\register.exe"=
"c:\\Program Files\\Dell\\QuickSet\\quickset.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\PROGRA~1\\mcafee\\msc\\mcuimgr.exe"=
"c:\\Program Files\\Intel\\PROSetWired\\NCS\\PROSet\\PRONoMgr.exe"=
"c:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj.exe"=
"c:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe"=
"c:\\Program Files\\RF Wireless Mouse\\cm20.exe"=
"c:\\Program Files\\Digital Line Detect\\DLG.exe"=
"c:\\Program Files\\McAfee\\MSC\\mcuimgr.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\PROGRA~1\\McAfee\\VIRUSS~1\\mcsysmon.exe"=
"c:\\Program Files\\Sage Software\\Peachtree\\peachw.exe"=
"c:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\msohtmed.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Source Engine\\OSE.EXE"=
"c:\\WINDOWS\\PEV.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\DOCUME~1\\MIKE\\LOCALS~1\\Temp\\dtra.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 1:01 AM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 1:02 AM 13696]
S3 0271171119331200mcinstcleanup;McAfee Application Installer Cleanup (0271171119331200);c:\docume~1\MIKE\LOCALS~1\Temp\027117~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\MIKE\LOCALS~1\Temp\027117~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\DRIVERS\phc700.sys --> c:\windows\system32\DRIVERS\phc700.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/20/2010 10:05 PM 159232]
S4 Pervasive.SQL Workgroup Engine;Pervasive.SQL Workgroup Engine;c:\windows\system32\srvany.exe [1/11/2007 8:07 PM 77824]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DAC970NT
.
Contents of the 'Scheduled Tasks' folder

2008-02-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-14 17:32]

2008-05-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-02-14 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\system.ini 264 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(580)
c:\windows\system32\WININET.dll
c:\program files\SiteAdvisor\6253\saHook.dll
c:\program files\RF Wireless Mouse\NoEdge.dll
c:\program files\RF Wireless Mouse\ASDll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark 4200 Series\lxbmbmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\McAfee\MSC\mcuimgr.exe
c:\docume~1\MIKE\LOCALS~1\Temp\dtra.exe
.
**************************************************************************
.
Completion time: 2010-03-15  20:14:24 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-16 00:14
ComboFix2.txt  2010-03-12 02:59

Pre-Run: 17,842,085,888 bytes free
Post-Run: 17,589,981,184 bytes free

- - End Of File - - 1D34D409EBEFAD8116DF9C69755AE6D0



1.5K Posts

March 17th, 2010 04:00


mikesingh,

There is something recreating everything we clean; I need to have an in-depth look at your system:

Download OTL to your desktop.

Double click the icon to start the tool. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

  • Put a check in the box next to Lop Check and Purity Check
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

These will be long logs, so please use multiple posts if need be.

Thanks
K27.

7 Posts

March 18th, 2010 07:00

OTL logfile created on: 3/18/2010 9:16:27 AM - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Documents and Settings\MIKE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.26 Gb Total Space | 16.27 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SINGH
Current User Name: MIKE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/18 09:15:19 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MIKE\Desktop\OTL.exe
PRC - [2010/03/18 09:04:17 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\MIKE\Local Settings\temp\winpaqeo.exe
PRC - [2008/12/14 18:50:47 | 000,261,120 | ---- | M] () -- C:\Program Files\Adobe Media Player\Adobe Media Player.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 19:12:38 | 000,346,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/08/24 17:57:48 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
PRC - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/04 12:26:08 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2004/01/16 06:27:30 | 000,094,208 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
PRC - [2004/01/16 06:04:08 | 000,126,976 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
PRC - [2003/10/29 04:06:00 | 000,094,208 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/01/31 10:59:02 | 000,131,072 | ---- | M] () -- C:\Program Files\RF Wireless Mouse\CM20.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/18 09:15:19 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MIKE\Desktop\OTL.exe
MOD - [2008/02/21 10:24:30 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6253\saHook.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2002/09/19 14:43:36 | 000,036,864 | ---- | M] () -- C:\Program Files\RF Wireless Mouse\ASDll.dll
MOD - [2001/09/04 20:53:24 | 000,049,152 | ---- | M] () -- C:\Program Files\RF Wireless Mouse\NoEdge.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (0271171119331200mcinstcleanup) McAfee Application Installer Cleanup (0271171119331200)
SRV - [2009/06/26 09:26:20 | 000,159,232 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 16:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/05 10:04:10 | 000,769,352 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/07 09:35:40 | 000,460,104 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 13:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/18 16:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2006/10/12 01:50:35 | 000,077,824 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (Pervasive.SQL Workgroup Engine)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (dac970nt)
DRV - [2007/12/02 12:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 06:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 06:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 06:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 06:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 09:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/01/13 18:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/07/14 01:02:22 | 000,013,696 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wsp_pkt.sys -- (wsppkt)
DRV - [2006/07/14 01:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/07/14 01:00:58 | 000,013,440 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/10 23:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/18 15:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/04 00:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010/03/15 20:03:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (SkypeIEHelper Class) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Skype Toolbar for Internet Explorer) - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Skype Toolbar for Internet Explorer) - {B13721C7-F507-4982-B2E5-502A71474FED} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Lexmark 4200 Series] C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe ()
O4 - HKLM..\Run: [Start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\CM20.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O4 - Startup: C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\palmOne Registration.lnk = C:\Program Files\palmOne\register.exe (palmOne/Leader Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Toolbar for Internet Explorer - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Skype for Internet Explorer\skype_toolbar.dll (Skype Technologies S.A.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/18 09:15:16 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MIKE\Desktop\OTL.exe
[2010/03/15 19:51:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/11 22:32:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/11 22:30:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/11 22:30:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/11 22:30:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/11 22:30:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/11 22:30:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/11 22:29:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/04 22:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/04 22:50:40 | 000,890,168 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MIKE\Desktop\HJTInstall.exe
[2010/03/04 22:39:03 | 005,115,824 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\MIKE\Desktop\mbam-setup.exe
[2008/02/15 22:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
[2007/08/18 12:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/03/18 20:23:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/09/20 20:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2006/09/20 20:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2006/08/01 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/06/10 19:14:24 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\cphc700.dll
[2004/08/10 14:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2004/08/10 13:57:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/03/18 09:15:19 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MIKE\Desktop\OTL.exe
[2010/03/18 09:05:24 | 000,386,100 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/18 09:05:24 | 000,055,216 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/18 09:05:23 | 000,447,372 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 09:01:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2010/03/18 09:00:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/18 09:00:42 | 000,017,391 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/18 09:00:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 09:00:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/18 09:00:15 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 20:27:44 | 005,505,024 | ---- | M] () -- C:\Documents and Settings\MIKE\NTUSER.DAT
[2010/03/15 20:27:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\MIKE\ntuser.ini
[2010/03/15 20:03:25 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/15 20:03:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/15 19:48:53 | 003,960,693 | R--- | M] () -- C:\Documents and Settings\MIKE\Desktop\ComboFix.exe
[2010/03/15 19:37:52 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\MIKE\Start Menu\Programs\Startup\palmOne Registration.lnk
[2010/03/11 23:16:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/11 23:14:37 | 000,000,768 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/11 22:32:33 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/09 21:13:34 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\dds.scr
[2010/03/04 22:50:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\HijackThis.lnk
[2010/03/04 22:39:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/04 21:52:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\Shortcut to Internet.lnk
[2010/03/04 21:05:38 | 000,000,559 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2010/03/04 20:49:42 | 000,890,168 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MIKE\Desktop\HJTInstall.exe
[2010/03/04 20:37:30 | 005,115,824 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\MIKE\Desktop\mbam-setup.exe
[2010/03/04 20:07:46 | 000,001,341 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\regtools.vbs
[2010/03/04 19:40:38 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\MIKE\Desktop\UnHookExec.inf
[2010/03/01 13:36:24 | 102,645,961 | ---- | M] () -- C:\Program Files\Sage Software.zip
[2010/03/01 11:23:25 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lexmark 4200 Series All-In-One Center.lnk
[46 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/03/11 22:32:33 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/11 22:32:29 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/11 22:30:22 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/11 22:30:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/11 22:30:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/11 22:30:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/11 22:30:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/11 22:25:48 | 003,960,693 | R--- | C] () -- C:\Documents and Settings\MIKE\Desktop\ComboFix.exe
[2010/03/09 21:13:29 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\dds.scr
[2010/03/04 22:50:46 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\HijackThis.lnk
[2010/03/04 22:09:29 | 000,001,341 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\regtools.vbs
[2010/03/04 21:52:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\Shortcut to Internet.lnk
[2010/03/04 21:41:44 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\MIKE\Desktop\UnHookExec.inf
[2010/03/01 13:35:04 | 102,645,961 | ---- | C] () -- C:\Program Files\Sage Software.zip
[2010/03/01 13:23:41 | 000,047,863 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\FASTWiz.log
[2008/05/18 18:58:59 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/14 19:36:16 | 037,768,216 | ---- | C] () -- C:\Program Files\corphome_13910_en-us_12m_r1.exe
[2007/10/30 22:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2007/04/26 22:20:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/04/26 22:08:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2006/12/06 22:15:24 | 000,005,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/12 02:50:14 | 000,001,743 | ---- | C] () -- C:\WINDOWS\PCW140.ini
[2006/08/18 21:28:38 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2006/07/18 19:45:02 | 000,000,817 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/06/10 19:26:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/06/07 16:34:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006/02/19 18:09:58 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/20 18:19:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/20 21:41:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2005/12/02 00:21:32 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/01 15:45:56 | 000,004,806 | ---- | C] () -- C:\WINDOWS\BPGLLINK.INI
[2005/10/31 17:19:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\FH_setup.ini
[2005/10/31 17:18:43 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PB_setup.ini
[2005/10/31 17:18:24 | 000,000,713 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2005/10/31 17:18:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005/10/31 17:17:58 | 000,000,021 | ---- | C] () -- C:\WINDOWS\VI_setup.ini
[2005/10/31 17:16:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2005/10/31 17:10:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\infcpy.dll
[2005/10/29 00:01:50 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\MIKE\Local Settings\Application Data\fusioncache.dat
[2005/10/27 22:28:29 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMUI.DLL
[2005/10/27 22:28:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXBRPMON.DLL
[2005/10/27 22:26:15 | 000,000,559 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/10/25 17:40:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/10/25 17:37:56 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\PFP120JPR.{PB
[2005/10/25 17:37:56 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\MIKE\Application Data\PFP120JCM.{PB
[2005/07/12 22:52:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbmvs.dll
[2005/07/12 22:50:19 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbmcoin.ini
[2005/07/12 22:49:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBMLCNP.DLL
[2005/06/21 18:04:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/21 17:59:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/21 17:49:58 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/06/21 17:29:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/12/15 19:24:59 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:51:20 | 001,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/10/25 21:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll
[1999/03/12 00:00:00 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\Crutl14.dll
 
========== LOP Check ==========
 
[2006/12/01 16:59:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2007/10/30 21:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010/01/20 22:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2007/01/11 21:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2006/01/22 21:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\4200Series
[2007/08/05 18:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\FUJIFILM
[2007/10/30 21:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\HotSync
[2006/06/15 17:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\ICAClient
[2005/10/25 23:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Leadertech
[2007/06/10 16:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\LimeWire
[2007/08/05 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Musicmatch
[2005/11/07 23:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\NetZero, Inc
[2006/03/12 00:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Palo Alto Software Inc
[2010/01/20 22:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\PCPitstop
[2007/01/11 20:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Peachtree
[2007/08/18 12:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MIKE\Application Data\Smith Micro
[2008/02/14 19:38:30 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2008/05/03 15:49:32 | 000,000,330 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
 
========== Purity Check ==========
 
 
< End of report >

 

 

OTL Extras logfile created on: 3/18/2010 9:16:27 AM - Run 1
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Documents and Settings\MIKE\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
503.00 Mb Total Physical Memory | 200.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.26 Gb Total Space | 16.27 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SINGH
Current User Name: MIKE
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\PROGRA~1\McAfee.com\Agent\mcagent.exe" = C:\PROGRA~1\McAfee.com\Agent\mcagent.exe:*:Enabled:ipsec -- (McAfee, Inc.)
"C:\Program Files\Microsoft Office\Office10\OSA.EXE" = C:\Program Files\Microsoft Office\Office10\OSA.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" = C:\Program Files\SiteAdvisor\6253\SiteAdv.exe:*:Enabled:ipsec -- ()
"C:\Program Files\palmOne\register.exe" = C:\Program Files\palmOne\register.exe:*:Enabled:ipsec -- (palmOne/Leader Technologies)
"C:\Program Files\Dell\QuickSet\quickset.exe" = C:\Program Files\Dell\QuickSet\quickset.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"c:\PROGRA~1\mcafee\msc\mcuimgr.exe" = c:\PROGRA~1\mcafee\msc\mcuimgr.exe:*:Enabled:ipsec -- (McAfee, Inc.)
"C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" = C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe:*:Enabled:ipsec -- (Intel(R) Corporation)
"C:\Program Files\VirtualDJ\virtualdj.exe" = C:\Program Files\VirtualDJ\virtualdj.exe:*:Enabled:ipsec -- (@**New*Star**@ Production)
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" = C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\Program Files\RF Wireless Mouse\cm20.exe" = C:\Program Files\RF Wireless Mouse\cm20.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Digital Line Detect\DLG.exe" = C:\Program Files\Digital Line Detect\DLG.exe:*:Enabled:ipsec -- (BVRP Software)
"C:\Program Files\McAfee\MSC\mcuimgr.exe" = C:\Program Files\McAfee\MSC\mcuimgr.exe:*:Enabled:ipsec -- (McAfee, Inc.)
"C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe:*:Enabled:ipsec -- (McAfee, Inc.)
"C:\Program Files\Sage Software\Peachtree\peachw.exe" = C:\Program Files\Sage Software\Peachtree\peachw.exe:*:Enabled:ipsec -- (Sage Software SB, Inc.)
"C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" = C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe:*:Enabled:ipsec -- (Lexmark International, Inc.)
"C:\Program Files\Microsoft Office\Office10\msohtmed.exe" = C:\Program Files\Microsoft Office\Office10\msohtmed.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\WINDOWS\PEV.exe" = C:\WINDOWS\PEV.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\MIKE\LOCALS~1\Temp\dtra.exe" = C:\DOCUME~1\MIKE\LOCALS~1\Temp\dtra.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\MIKE\LOCALS~1\Temp\ieso.exe" = C:\DOCUME~1\MIKE\LOCALS~1\Temp\ieso.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\MIKE\LOCALS~1\Temp\winpaqeo.exe" = C:\DOCUME~1\MIKE\LOCALS~1\Temp\winpaqeo.exe:*:Enabled:ipsec -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{095C4517-3E7A-4C70-A981-7146CFAD4D39}" = Dual Mode Digital Camera 3.0M
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{55A369BE-C40B-4699-99AD-0563A9D9C237}" = ArcSoft VideoImpression 1.6
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{60674fc3-3f60-45aa-a299-534a13d57cc8}" = DFX 8 for Musicmatch
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{643BD65E-E05A-43EB-A484-AD83054DEA55}" = FAS for Peachtree by Sage
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6D9258A8-A3A0-11D5-87D4-00055D0100B6}" = RF Wireless Mouse
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}" = iTunes
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{797703D4-461B-4BC9-AACA-292917F3A47F}" = ArcSoft PhotoImpression
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8911A5F5-06A6-4931-B193-E1FB0ECAF372}" = Exterminate3
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{962389D9-5166-4A15-85D1-9EDA9FB42A16}" = Peachtree Accounting 2007
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5460871-42FF-45CD-A634-01C755E9CEA1}" = ArcSoft PhotoBase 3
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{DCBD0769-BAD5-40AD-BCD9-68FADC5231D5}" = ArcSoft Funhouse
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFDEC7F-B24F-4C40-8639-7702671B8D67}_is1" = NS Virtual DJ 6.0 Full
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AVConverter" = AVConverter 1.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"getPlus(R)_ocx" = getPlus(R)_ocx
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{643BD65E-E05A-43EB-A484-AD83054DEA55}" = FAS for Peachtree by Sage
"InstallShield_{962389D9-5166-4A15-85D1-9EDA9FB42A16}" = Peachtree Complete Accounting 2007
"Integration Services" = Sage Software Integration Services
"Lexmark 4200 Series" = Lexmark 4200 Series
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Matic_is1" = PC Matic 1.0.0.0
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2007
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"PROSet" = Intel(R) PRO Network Connections Drivers
"Skype_is1" = Skype 3.2
"ToolBand.SkypeIEToolbarToolbar" = Skype Toolbar for Internet Explorer
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/21/2005 1:00:45 AM | Computer Name = SINGH | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
Error - 6/21/2005 6:14:00 AM | Computer Name = SINGH | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
Error - 7/12/2005 10:32:56 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/12/2005 10:33:04 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/12/2005 10:33:04 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/12/2005 10:33:04 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/12/2005 10:36:13 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 7/12/2005 11:22:46 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application lxbmaiox.exe, version 1.0.3.5, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 2/21/2010 3:35:43 AM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 3/4/2010 7:14:25 PM | Computer Name = SINGH | Source = Application Hang | ID = 1002
Description = Hanging application peachw.exe, version 2007.0.3.1668, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
[ System Events ]
Error - 3/18/2010 9:12:40 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:13:23 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:14:05 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:14:48 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:15:30 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:16:13 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:16:55 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:17:38 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:18:20 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
Error - 3/18/2010 9:19:03 AM | Computer Name = SINGH | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
 with DCOM within the required timeout.
 
 
< End of report >

 

2 Intern


1.5K Posts

March 19th, 2010 12:00

mikesingh,

I think we have found what we are looking for but we need to double check:

Please go to Virus Total where you will see a browse button in the middle of the screen.

  • Click the Browse button
  • Locate the following file(s)


C:\Documents and Settings\MIKE\Local Settings\temp\winpaqeo.exe
c:\docume~1\MIKE\LOCALS~1\Temp\dtra.exe
C:\DOCUME~1\MIKE\LOCALS~1\Temp\ieso.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\videoimp.ini

  • Click Send File
  • Post all Reports back to this thread


NOTE: These Reports will NOT pop up in a text file like most of the other tools we have used; you will need to copy/paste the report from the web page. Please type the name of the file above the relevant log for ease of reading.

Note: you may need to show hidden files to locate the files requested:

Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Look for "Hidden files and folders"
Select "Show hidden files and folders"
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:

  • Search System folders
  • Search Hidden Files and folders
  • Search SubFolders


Remember to hide hidden files/folders by reversing the action when you have finished


As an added note, there are "Trusted" sites in your trusted zone that I will clear in my next post, along with a lot of stuff left over from PCTools and numerous other security vendors.
And can you tell me, do you use "MioNet Remote Drive Access", and do you know why the below ports are being used to connect to your machine? If not, I will kill them in my next reply; if they are for some kind of network, then I suggest you disconnect this machine from the network until we are done.
The first seven (7) are related to Microsoft and can be killed; it's the last four (4) I'm interested in.


"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine


Thanks,
K27.
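The port and program exceptions K27 is asking about come from the Windows XP firewall policy keys, which OTL prints one per line as `"key" = value`. The following script is an added example for this thread, not code from the original post or from OTL: it parses those lines (using the colon-separated value layout seen in the log above, which is an assumption about the format) and flags the entries a responder would review first: port exceptions whose scope is `*` rather than `LocalSubNet`, program exceptions for files that no longer exist, and program exceptions for executables living in a user's temp directory. The sample lines are copied from the log posted earlier in this thread.

```python
"""Triage helper for Windows XP firewall exceptions as printed in an OTL log.

Assumed line layout (matches the log in this thread):
  port exception:     "3389:TCP" = 3389:TCP:<scope>:Enabled|Disabled:<name>
  program exception:  "<path>"   = <path>:<scope>:Enabled|Disabled:<name> -- (<publisher>) | File not found
<scope> is "*" (any remote address) or "LocalSubNet".
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted above, embedded so the
# script runs offline. In practice, feed it the firewall sections of a real log.
SAMPLE_LOG = r'''
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"C:\Program Files\Microsoft Office\Office10\msohtmed.exe" = C:\Program Files\Microsoft Office\Office10\msohtmed.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\MIKE\LOCALS~1\Temp\dtra.exe" = C:\DOCUME~1\MIKE\LOCALS~1\Temp\dtra.exe:*:Enabled:ipsec -- File not found
"C:\DOCUME~1\MIKE\LOCALS~1\Temp\winpaqeo.exe" = C:\DOCUME~1\MIKE\LOCALS~1\Temp\winpaqeo.exe:*:Enabled:ipsec -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:ipsec -- (Microsoft Corporation)
'''

# "key" = value, with an optional " -- trailer" that OTL appends to program entries
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+?)(?:\s+--\s+(?P<tail>.*))?$')
PORT_KEY_RE = re.compile(r'^\d+:(TCP|UDP)$', re.IGNORECASE)
# path components that indicate a user temp location (8.3 short names included)
TEMP_DIR_RE = re.compile(r'\\(temp|tmp|locals~1|local settings)\\', re.IGNORECASE)


@dataclass
class FwEntry:
    kind: str      # "port" or "program"
    target: str    # "3389/TCP" or the program path
    scope: str     # "*" or "LocalSubNet"
    enabled: bool
    name: str      # display name or resource string
    note: str = ""  # OTL trailer: "(Publisher)", "()" or "File not found"


def parse_line(line):
    """Parse one OTL firewall line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, value = m.group("key"), m.group("value")
    tail = (m.group("tail") or "").strip()
    # Split from the right so a drive letter colon in the path is preserved.
    parts = value.rsplit(":", 3)
    if len(parts) != 4:
        return None
    target, scope, state, name = parts
    kind = "port" if PORT_KEY_RE.match(key) else "program"
    if kind == "port":
        target = target.replace(":", "/")  # 3389:TCP -> 3389/TCP
    return FwEntry(kind, target, scope, state.lower() == "enabled", name, tail)


def parse_log(text):
    """Return all parseable firewall entries from a block of OTL log text."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def findings(entries):
    """Return (reason, target) pairs for entries worth a closer look."""
    out = []
    for e in entries:
        if not e.enabled:
            continue
        if e.kind == "program":
            if e.note.lower().startswith("file not found"):
                out.append(("orphaned exception for a file that no longer exists", e.target))
            elif TEMP_DIR_RE.search(e.target):
                out.append(("exception for an executable in a user temp directory", e.target))
            elif e.note in ("", "()"):
                out.append(("exception for an executable with no company name recorded", e.target))
        elif e.scope == "*":
            out.append(("port open to any remote address, not just LocalSubNet",
                        f"{e.target} ({e.name})"))
    return out


if __name__ == "__main__":
    for reason, target in findings(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {target}")
```

Scope `*` on a port exception means the rule admits any source address, which is why the Remote Desktop (3389) and MioNet/Pervasive rows stand out against the NetBIOS rows limited to `LocalSubNet`; the two temp-directory executables and the "File not found" row are the same items K27 asks to have checked on VirusTotal.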

7 Posts

March 21st, 2010 06:00

The computer is not allowing me to go to the Virus Total website.

2 Intern


1.5K Posts

March 21st, 2010 10:00

Please try this site http://virusscan.jotti.org/en-gb

And please let me know, do you use "MioNet Remote Drive Access", and do you know why the below ports are being used to connect to your machine?


"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

Thanks
K27
