
Thread: Infected by trojan, several issues

    #51 - Member (Join Date: Jul 2009, Posts: 52)

    Did not see: sed, grep, cfexe

    Here is the scan log

    OTL logfile created on: 1/30/2014 10:46:47 AM - Run 5
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.17% Memory free
    4.85 Gb Paging File | 3.73 Gb Available in Paging File | 76.97% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 456.37 Gb Total Space | 358.94 Gb Free Space | 78.65% Space Free | Partition Type: NTFS
    Drive E: | 22.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 931.48 Gb Total Space | 878.43 Gb Free Space | 94.30% Space Free | Partition Type: NTFS

    Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
    PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
    PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
    PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
    PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
    PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3cfe541801464f814cda12ab6e689ce9\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e42add37a8042c021319c3dfa982e208\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\2d837a3e24db0f672c71f3ecda4ca5f3\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\75145e5d0633bc01a8ad6094c842f748\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bae93d40999e6497d4efb81429d15943\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\065efe0fe58c464f5fb108cb0791e6ad\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25798162f0e3229e9754b28f5b6d9dd\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\cab8d2f8933390bab32c35c5c6a479bd\System.Configuration.Install.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d003678ca517c092dcbfba8eb093492a\CustomMarshalers.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e729dd9b653def0664bf0efcf22dc112\PresentationFramework.Luna.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\ea6d629845ae70ac07d65ff9663d723e\Microsoft.VisualC.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
    MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
    MOD - C:\WINDOWS\system32\quartz.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.Controls.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    MOD - C:\WINDOWS\system32\sbe.dll ()
    MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\System.Data.SQLite.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\devenum.dll ()
    MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
    MOD - C:\WINDOWS\system32\dlcdserv.dll ()
    MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
    MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
    MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
    MOD - C:\WINDOWS\system32\dlcdprox.dll ()
    MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
    MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
    MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()


    ========== Services (SafeList) ==========

    SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
    SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
    SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
    SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
    SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
    SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
    SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
    SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
    SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
    SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
    SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
    SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
    SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
    SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
    DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
    DRV - (WDICA) -- File not found
    DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
    DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (bvrp_pci) -- File not found
    DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
    DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
    DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
    DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
    DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
    DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
    DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
    DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
    DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
    DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
    DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
    DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
    DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
    DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
    DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
    DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
    DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
    DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
    DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
    DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "https://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - prefs.js..keyword.url: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]

    [2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
    [2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
    [2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RDGM2N4Q.DEFAULT-1390948800390\EXTENSIONS\SPEEDDIAL@INSTAIR.NET
    [2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

    O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
    O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
    O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...1/mcinsctl.cab (McAfee.com Operating System Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1342719157853 (MUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/02/02 13:14:20 | 000,000,082 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe -- [2011/03/09 14:27:17 | 003,728,752 | R--- | M] (Western Digital)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/30 08:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Local Settings\Application Data\Western_Digital
    [2014/01/30 08:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2014/01/30 08:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2014/01/30 08:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WD SmartWare
    [2014/01/30 07:43:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2014/01/28 20:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\jan 2014 infection fix
    [2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
    [2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
    [2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
    [2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
    [2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
    [2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
    [2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
    [2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
    [2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
    [2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/01/30 10:42:03 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/30 08:30:48 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2014/01/30 08:14:05 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
    [2014/01/30 08:12:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/01/30 08:12:17 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
    [2014/01/30 08:12:17 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
    [2014/01/30 07:57:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2014/01/30 07:53:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/01/30 07:53:35 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
    [2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
    [2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
    [2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
    [2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
    [2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
    [2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
    [2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
    [2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
    [2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
    [2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
    [2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
    [2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
    [2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
    [2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
    [1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/01/30 08:30:47 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2014/01/30 07:53:35 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
    [2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
    [2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
    [2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
    [2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
    [2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
    [2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
    [2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
    [2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
    [2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
    [2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
    [2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    [2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
    [2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
    [2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
    [2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
    [2014/01/30 08:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
    [2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
    [2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
    [2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
    [2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
    [2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
    [2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
    [2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
    [2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
    [2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
    [2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
    [2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
    [2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
    [2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
    [2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
    [2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
    [2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
    [2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
    [2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >

  2. #52
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You're fine,

    You can delete this C:\Qoobox

    Drag Combofix to the trash

    How is everything running now ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #53
    Member
    Join Date
    Jul 2009
    Posts
    52

    Default

    Seems to be good except I am still unable to Disable my "Local Area Connection" by right clicking the icon and selecting disable. I get an "ERROR DISABLING CONNECTION" message that states the connection may be using one or more protocols that do not support Plug-and-Play or that it may have been initiated by another user or system account. This just seems odd as I never saw this message before. I went to "show all connections" and attempted to delete it in order to create a new one and received the same message. Should I be concerned?

  4. #54
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    No, not sure what's up with that. If you're concerned you can post at WhatTheTech in their networking forum, as all we do on this one is malware removal. Like Safer, it's free, but you will need to register and create an account.

    http://forums.whatthetech.com/index.php?showforum=128

    Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.

    Malwarebytes is the free version and yours to keep and will not be removed.





    Safe Surfn
    Ken

  5. #55
    Member
    Join Date
    Jul 2009
    Posts
    52

    Default

    Will do. Also, I did check the McAfee forums and there does seem to be a lot of updating issues, so I will continue with their online support.

    Thanks again for all your help, time and patience,

    Gratefully,
    Kman1566

  6. #56
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You're very welcome

    Ken

  7. #57
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
