-
mimielf1 dds log please advise thanks
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by mimielf at 12:28:04 on 2011-12-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.662 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&si=1006318
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AC75FCC5-AE4E-4090-ABCD-521B3D953CA9} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mimielf\application data\mozilla\firefox\profiles\l7dipbt1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\mimielf\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mimielf\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\mimielf\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(protocol-handler.warn-external.dnUpdate, false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-7-9 342128]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-9 70216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-9 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-9 43288]
R4 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652872]
S1 MpKsl129d2e77;MpKsl129d2e77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c65b31d-4b1c-4eea-b47b-79ba5cff28c4}\mpksl129d2e77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c65b31d-4b1c-4eea-b47b-79ba5cff28c4}\MpKsl129d2e77.sys [?]
S1 MpKsl3e6cbb94;MpKsl3e6cbb94;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb2156c0-02fc-4330-9ff3-44c53ee3b330}\mpksl3e6cbb94.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb2156c0-02fc-4330-9ff3-44c53ee3b330}\MpKsl3e6cbb94.sys [?]
S1 MpKsl541fe588;MpKsl541fe588;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{954ef865-2efc-4701-911b-41446ec04533}\mpksl541fe588.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{954ef865-2efc-4701-911b-41446ec04533}\MpKsl541fe588.sys [?]
S1 MpKsle31f4126;MpKsle31f4126;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36cad7cd-60e5-4143-89b1-94855df16442}\mpksle31f4126.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36cad7cd-60e5-4143-89b1-94855df16442}\MpKsle31f4126.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-9 65224]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
.
=============== Created Last 30 ================
.
2011-12-30 17:13:52 388096 ----a-r- c:\documents and settings\mimielf\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-30 17:13:44 -------- d-----w- c:\program files\Trend Micro
2011-12-30 15:39:09 -------- d-----w- c:\documents and settings\mimielf\application data\Malwarebytes
2011-12-30 15:36:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-30 15:36:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 11:34:41 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-12-17 11:33:51 -------- d-----w- c:\documents and settings\all users\application data\Affinegy
.
==================== Find3M ====================
.
2011-12-29 13:57:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 12:31:11.92 ===============
-------------------------------
Hello mimielf1,
Preliminary question, after which I may remove or merge the extra posts.
"AV: McAfee VirusScan Enterprise"
Is this a business, corporate, institutional computer or used in such an environment?
----------------------------------------------
no. I pulled the McAfee from work and installed on my personal.
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
Sorry for the delay but the holidays kind of put us behind.
You have McAfee and Microsoft Security Essentials, cant have both, they will use huge amounts of system resources and severely hamper system performance, with AV, all you need is one, keep it updated and run regular scans. Your call but you need to uninstall one via Add Remove Programs in the Control Panel.
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
-
mimielf unavailabe till 1/7
I won't be able to get on this until 1/7...please let me know if I have to start over or if I can just continue. thanks
-
Thats fine, I will keep this thread open for you until then
Ken
-
mbam results
I think there is still some MY Web Search stuff on here.
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.07.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mimielf :: MIMI [administrator]
Protection: Disabled
1/7/2012 12:54:14 PM
mbam-log-2012-01-07 (12-54-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182924
Time elapsed: 13 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
new dds 1/7
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2006 10:35:45 AM
System Uptime: 1/6/2012 5:40:20 PM (20 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 30.236 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 5.027 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: MTP Device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard MTP-Compliant Device)
Name: MTP Device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1804: 10/10/2011 9:06:07 AM - System Checkpoint
RP1805: 10/11/2011 1:45:50 PM - System Checkpoint
RP1806: 10/14/2011 4:28:52 PM - System Checkpoint
RP1807: 10/14/2011 11:10:40 PM - Software Distribution Service 3.0
RP1808: 10/16/2011 9:16:39 AM - System Checkpoint
RP1809: 10/17/2011 1:43:42 PM - System Checkpoint
RP1810: 10/18/2011 2:09:55 PM - System Checkpoint
RP1811: 10/20/2011 10:11:56 AM - System Checkpoint
RP1812: 10/21/2011 10:25:27 AM - System Checkpoint
RP1813: 10/22/2011 12:13:21 PM - System Checkpoint
RP1814: 10/23/2011 5:04:53 PM - System Checkpoint
RP1815: 10/24/2011 7:30:40 PM - System Checkpoint
RP1816: 10/25/2011 8:09:27 PM - System Checkpoint
RP1817: 10/26/2011 9:35:00 PM - System Checkpoint
RP1818: 10/28/2011 10:14:03 AM - System Checkpoint
RP1819: 10/29/2011 3:48:14 PM - System Checkpoint
RP1820: 10/31/2011 11:21:54 AM - System Checkpoint
RP1821: 11/1/2011 3:16:41 PM - System Checkpoint
RP1822: 11/2/2011 3:41:47 PM - System Checkpoint
RP1823: 11/3/2011 8:42:07 PM - System Checkpoint
RP1824: 11/5/2011 8:27:27 AM - System Checkpoint
RP1825: 11/6/2011 1:20:11 PM - System Checkpoint
RP1826: 11/7/2011 3:20:20 PM - System Checkpoint
RP1827: 11/8/2011 8:53:23 PM - System Checkpoint
RP1828: 11/9/2011 11:00:27 AM - Software Distribution Service 3.0
RP1829: 11/10/2011 2:59:43 PM - System Checkpoint
RP1830: 11/11/2011 11:00:26 AM - Software Distribution Service 3.0
RP1831: 11/12/2011 3:50:55 PM - System Checkpoint
RP1832: 11/13/2011 5:01:57 PM - System Checkpoint
RP1833: 11/14/2011 9:41:13 PM - System Checkpoint
RP1834: 11/16/2011 9:34:34 AM - System Checkpoint
RP1835: 11/17/2011 3:12:16 PM - System Checkpoint
RP1836: 11/18/2011 6:54:59 PM - System Checkpoint
RP1837: 11/19/2011 7:46:58 PM - System Checkpoint
RP1838: 11/21/2011 11:38:49 AM - System Checkpoint
RP1839: 11/22/2011 3:44:18 PM - System Checkpoint
RP1840: 11/23/2011 7:09:36 PM - System Checkpoint
RP1841: 11/25/2011 11:41:50 AM - System Checkpoint
RP1842: 11/26/2011 3:02:49 PM - System Checkpoint
RP1843: 11/27/2011 3:27:03 PM - System Checkpoint
RP1844: 11/28/2011 9:50:51 PM - System Checkpoint
RP1845: 11/30/2011 9:20:37 AM - System Checkpoint
RP1846: 12/1/2011 2:36:57 PM - System Checkpoint
RP1847: 12/2/2011 8:09:55 PM - System Checkpoint
RP1848: 12/3/2011 10:19:59 PM - System Checkpoint
RP1849: 12/5/2011 10:22:46 AM - System Checkpoint
RP1850: 12/6/2011 3:01:02 PM - System Checkpoint
RP1851: 12/7/2011 3:13:18 PM - System Checkpoint
RP1852: 12/8/2011 8:36:48 PM - System Checkpoint
RP1853: 12/10/2011 9:42:22 AM - System Checkpoint
RP1854: 12/11/2011 11:43:44 AM - System Checkpoint
RP1855: 12/12/2011 1:38:47 PM - System Checkpoint
RP1856: 12/13/2011 7:24:48 PM - System Checkpoint
RP1857: 12/14/2011 9:59:10 PM - Software Distribution Service 3.0
RP1858: 12/16/2011 11:33:46 AM - System Checkpoint
RP1859: 12/17/2011 3:27:49 PM - System Checkpoint
RP1860: 12/18/2011 6:46:11 PM - System Checkpoint
RP1861: 12/19/2011 8:32:56 PM - System Checkpoint
RP1862: 12/20/2011 9:16:07 PM - System Checkpoint
RP1863: 12/22/2011 9:48:25 AM - System Checkpoint
RP1864: 12/23/2011 10:17:16 AM - System Checkpoint
RP1865: 12/24/2011 12:17:15 PM - System Checkpoint
RP1866: 12/25/2011 6:09:03 PM - System Checkpoint
RP1867: 12/27/2011 8:41:51 AM - System Checkpoint
RP1868: 12/28/2011 9:53:12 AM - System Checkpoint
RP1869: 12/29/2011 11:50:36 AM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
RP1870: 12/29/2011 11:55:53 AM - Removed Skype™ 5.3
RP1871: 12/29/2011 11:57:16 AM - Removed Skype Toolbars
RP1872: 12/30/2011 12:13:42 PM - Installed HiJackThis
RP1873: 12/1/2011 9:54:58 AM - System Checkpoint
RP1874: 1/1/2012 3:53:11 PM - System Checkpoint
RP1875: 1/2/2012 8:51:00 PM - System Checkpoint
RP1876: 1/4/2012 11:08:05 AM - System Checkpoint
RP1877: 1/5/2012 1:45:51 PM - System Checkpoint
RP1878: 1/6/2012 4:42:53 PM - System Checkpoint
RP1879: 1/7/2012 12:09:50 PM - Removed McAfee VirusScan Enterprise
RP1880: 1/7/2012 1:28:08 PM - Removed McAfee Agent.
RP1881: 1/7/2012 1:29:51 PM - Removed Google Talk Plugin
RP1882: 1/7/2012 1:32:16 PM - Removed Bonjour
RP1883: 1/7/2012 1:33:49 PM - Removed QuickTime
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
aioprnt
aioscnnr
AOLIcon
ArcSoft PhotoStudio 5.5
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
CCScore
center
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
ELIcon
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
essentials
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Games, Music, & Photos Launcher
Garmin MapSource
Garmin USB Drivers
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet for Wired Connections
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 7.1.8 (Basic)
kgcbase
Kodak AIO Printer
KODAK AiO Software
ksDIP
Malwarebytes Anti-Malware version 1.60.0.1800
MapSource - Americas BlueChart v5
Maxtor Manager
MCU
Media Player Classic - Home Cinema v1.5.1.2903
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ Run Time Lib Setup
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
netbrdg
NetWaiting
ocr
OfotoXMI
PreReq
Presto! PageManager 7.15.13
Qualxserve Service Agreement
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
staticcr
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinPatrol 2009
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 9:00:13 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0016765F050B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/7/2012 12:10:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/6/2012 8:10:22 AM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
1/4/2012 9:38:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/4/2012 9:38:54 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 6:35:54 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
1/3/2012 10:04:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
.
==== End Of File ===========================
-
Hi,
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
-
ComboFix 12-01-07.03 - mimielf 01/08/2012 8:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.604 [GMT -5:00]
Running from: c:\documents and settings\mimielf\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\mimielf\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\mimielf\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\program files\CouponAlert_2pEI
c:\windows\isRS-000.tmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\SET85.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SETA4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-07 18:08 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD9ABE18-3FFF-4984-9A83-5C716A0AA62C}\mpengine.dll
2012-01-07 17:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 17:26 . 2012-01-07 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 17:15 . 2012-01-07 17:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-01 17:09 . 2012-01-01 17:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
2011-12-30 18:33 . 2011-12-30 18:33 -------- d-----w- c:\documents and settings\All Users\Kodak
2011-12-30 18:30 . 2011-06-16 22:53 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-12-30 18:30 . 2011-06-16 22:53 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-12-30 18:30 . 2011-06-16 22:53 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-12-30 18:11 . 2011-12-30 18:42 -------- d-----w- c:\documents and settings\mimielf\Local Settings\Application Data\Eastman_Kodak_Company
2011-12-30 18:11 . 2011-12-30 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2011-12-30 18:00 . 2011-12-30 18:29 -------- d-----w- c:\program files\Kodak
2011-12-30 17:25 . 2011-12-30 17:25 -------- d-----w- c:\program files\ERUNT
2011-12-30 17:13 . 2011-12-30 17:13 388096 ----a-r- c:\documents and settings\mimielf\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-30 17:13 . 2011-12-30 17:13 -------- d-----w- c:\program files\Trend Micro
2011-12-30 15:39 . 2011-12-30 15:39 -------- d-----w- c:\documents and settings\mimielf\Application Data\Malwarebytes
2011-12-30 15:36 . 2011-12-30 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-19 21:32 . 2011-12-19 21:32 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-12-17 11:34 . 2011-02-15 18:17 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-12-17 11:33 . 2011-12-17 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 13:57 . 2011-05-14 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2010-10-04 23:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-10 21:13 . 2011-03-26 12:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 4:32 PM 394672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2012 12:26 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2012 12:26 PM 20464]
S1 MpKsl129d2e77;MpKsl129d2e77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C65B31D-4B1C-4EEA-B47B-79BA5CFF28C4}\MpKsl129d2e77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C65B31D-4B1C-4EEA-B47B-79BA5CFF28C4}\MpKsl129d2e77.sys [?]
S1 MpKsl3e6cbb94;MpKsl3e6cbb94;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB2156C0-02FC-4330-9FF3-44C53EE3B330}\MpKsl3e6cbb94.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB2156C0-02FC-4330-9FF3-44C53EE3B330}\MpKsl3e6cbb94.sys [?]
S1 MpKsl541fe588;MpKsl541fe588;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{954EF865-2EFC-4701-911B-41446EC04533}\MpKsl541fe588.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{954EF865-2EFC-4701-911B-41446EC04533}\MpKsl541fe588.sys [?]
S1 MpKsle31f4126;MpKsle31f4126;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36CAD7CD-60E5-4143-89B1-94855DF16442}\MpKsle31f4126.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36CAD7CD-60E5-4143-89B1-94855DF16442}\MpKsle31f4126.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:39 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:39 AM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 23:49]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:39]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:39]
.
2012-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&si=1006318
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor=
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(protocol-handler.warn-external.dnUpdate, false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Google Update - c:\documents and settings\mimielf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 08:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-01-08 09:04:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 14:04
.
Pre-Run: 32,456,531,968 bytes free
Post-Run: 32,698,695,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 917D41AB47724DBA2A194FF8CA512137
-
H,
Lets run this program and see whats left to remove
OTL by OldTimer
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Click the "Scan All Users" checkbox.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically. - Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
-
otl txt
OTL logfile created on: 1/8/2012 12:50:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mimielf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.91% Memory free
1.86 Gb Paging File | 1.51 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 30.90 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 18.06 Gb Total Space | 5.03 Gb Free Space | 27.84% Space Free | Partition Type: NTFS
Computer Name: MIMI | User Name: mimielf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\mimielf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\61f93e98f880d193c7507dd4bd783071\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\92c110e2f9e336a7b1915a087c4505d2\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\bd36e805b0c8db5be9902e2ef4ff740e\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\6c308afb1b1cc24c392f30e8166514de\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\1e4ef830d6f5617fccce4fa99f03ec4e\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\fb5e40b1212c7523933bccffaa9c469f\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\fcbe7f69eb23bcdcac7f223cf1ebab2a\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\349b5a25e18cd32bac336fcfd5433d47\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (MpKsl455d49ed) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04623A96-80F1-49CD-A959-1D01392AA43B}\MpKsl455d49ed.sys (Microsoft Corporation)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...93C&si=1006318
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No CLSID value found
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 12:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/26 21:52:28 | 000,000,000 | ---D | M]
[2008/10/14 19:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Extensions
[2012/01/06 08:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions
[2010/03/04 19:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/27 13:20:45 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/29 11:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
[2011/11/10 16:13:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/26 07:31:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 16:13:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/01/08 08:50:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC75FCC5-AE4E-4090-ABCD-521B3D953CA9}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mimielf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mimielf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/08 12:48:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mimielf\Desktop\OTL.exe
[2012/01/08 09:52:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mimielf\Recent
[2012/01/08 08:34:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/08 08:32:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/08 08:32:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/08 08:32:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/08 08:32:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/08 08:32:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 08:24:43 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\mimielf\Desktop\ComboFix.exe
[2012/01/07 12:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/01 12:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2011/12/30 13:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Kodak
[2011/12/30 13:30:28 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST12.dll
[2011/12/30 13:30:25 | 000,425,984 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2011/12/30 13:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Local Settings\Application Data\Eastman_Kodak_Company
[2011/12/30 13:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2011/12/30 13:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kodak
[2011/12/30 13:04:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimielf\Desktop\fixes
[2011/12/30 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2011/12/30 12:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/30 12:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/30 12:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/30 12:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Start Menu\Programs\HiJackThis
[2011/12/30 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/30 10:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Application Data\Malwarebytes
[2011/12/30 10:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 16:32:26 | 000,323,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2011/12/17 06:34:41 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2011/12/17 06:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/08 12:48:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mimielf\Desktop\OTL.exe
[2012/01/08 12:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 11:06:16 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 11:06:16 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 09:24:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/08 09:19:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 09:19:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 09:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 09:18:50 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 08:50:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 08:34:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/08 08:25:00 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\mimielf\Desktop\ComboFix.exe
[2012/01/07 21:14:52 | 000,012,984 | ---- | M] () -- C:\Documents and Settings\mimielf\Application Data\wklnhst.dat
[2012/01/07 13:51:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/07 12:18:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/30 13:20:27 | 000,002,664 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/12/29 08:57:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/19 16:32:26 | 000,323,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2011/12/15 08:37:53 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/11 13:43:26 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/01/08 08:34:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/08 08:34:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/08 08:32:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/08 08:32:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/08 08:32:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/08 08:32:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/08 08:32:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/07 12:21:58 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/07 12:15:59 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/05 17:50:29 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/22 18:35:49 | 000,000,363 | ---- | C] () -- C:\WINDOWS\TBSVM61.INI
[2009/11/11 09:27:08 | 000,103,474 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2009/11/11 09:27:08 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2009/08/20 11:18:42 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\kodakpcd.ini
[2008/08/22 10:34:31 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/22 10:34:31 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BE06F97A93.sys
[2007/09/24 15:51:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2007/09/20 11:55:37 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/09/20 11:04:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/09/20 11:04:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/12/01 13:48:45 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/08/15 17:49:45 | 000,000,014 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/12 12:32:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/08/10 12:37:17 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/17 21:09:33 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/20 20:14:38 | 000,012,984 | ---- | C] () -- C:\Documents and Settings\mimielf\Application Data\wklnhst.dat
[2006/06/17 16:23:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/06/17 11:59:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/17 07:30:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.rob.ini
[2006/06/16 15:20:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\fusioncache.dat
[2006/06/16 10:49:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.mimielf.ini
[2006/05/19 23:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/19 23:29:31 | 000,004,406 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/19 23:25:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/19 23:22:35 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/19 23:20:25 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/19 23:16:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 22:52:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/19 22:51:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/19 22:51:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== LOP Check ==========
[2011/12/17 06:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/07/09 12:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2011/12/30 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/11/04 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/02 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/03/14 09:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/30 10:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/12/08 12:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/11/25 12:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/10/01 08:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/02 11:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 09:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/01 12:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2010/05/18 06:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Canon
[2006/09/12 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Snapfish
[2011/12/30 13:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Temp
[2006/07/29 09:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Template
[2007/02/08 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Viewpoint
[2009/08/17 07:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\WinPatrol
[2010/08/03 11:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\wsInspector
[2012/01/08 09:24:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules