Blocked from running Spybot or any other malware remover

Status
Not open for further replies.
Okay, I'll let it run as long as it needs to then. I am a night owl, in fact, so I'll try to keep an eye on it for the next 2 to 3 hours.

Thanks for everything so far!
 
Okay, I let it run for 4 hours more and still nothing changed. So finally I had to quit ComboFix and do a hard reboot. After starting my PC again, I ran ComobFix one more time.

This time it updated itself before starting a new scan. Again, it made it past Stage 50, then stalled once more. I left it running for 1 hour, then had to do a forced quit once more. I've given up on trying to get a log out of this program now. It refuses to let me reach the end of the scan.

So, what next?

--Ryodin

P.S. -- I've downloaded my 4th copy of OTL to my infected machine and will give that another chance. Keep in my mind that I still have 3 previous copies that refuse to be accessed or deleted. I don't know how to get rid of those. This 4th copy, however, seems to actually be working now. I'm in the process of running an actual scan in OTL! I've never gotten this far before! Will post the two logs from this if I get that far.
 
Phew! For a second there it seemed like OTL stalled halfway through as well. But then I walked away and came back in an hour and found the two log files waiting for me! :)

So, first I'm going to paste the OTL log below. In my next post, I'll paste the Extras log separately.


==========================================================
OTL logfile created on: 8/21/2011 5:27:38 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\David Batista\Desktop\OTL3
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.53% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 37.75 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 657.48 Gb Free Space | 70.58% Space Free | Partition Type: NTFS

Computer Name: D139KB41 | User Name: David Batista | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\David Batista\Desktop\OTL3\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\846dd505f97805f00999ee26aec9bf75\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e3a0205acab2215fbad7927d9d483aeb\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\db2d84e279807592a680ef4135e9fe9a\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll ()
MOD - C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll ()
MOD - C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\LXBLPP5C.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys (McAfee, Inc.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (WDC_SAM) -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys (Western Digital Technologies)
DRV - (BVRPMPR5) -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS (Avanquest Software)
DRV - (Serial) -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys ()
DRV - (PalmUSBD) -- C:\WINDOWS\SYSTEM32\DRIVERS\PalmUSBD.sys (PalmSource, Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (GoProto) -- C:\WINDOWS\SYSTEM32\DRIVERS\goprot51.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (SDDMI2) -- C:\WINDOWS\SYSTEM32\DDMI2.sys (Gteko Ltd.)
DRV - (RIOUNIV) -- C:\WINDOWS\SYSTEM32\DRIVERS\RIOUNIV.SYS (Digital Networks North America, Inc.)
DRV - (Jukebox) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys (Creative Technology Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 22 D2 04 02 82 18 EE 45 BA B4 82 4C BA 7E EB 8F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/08 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/09 23:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/17 15:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/08 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2010/12/09 23:11:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2011/06/17 15:58:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/12 21:10:38 | 000,394,487 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13648 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110820163657.dll (McAfee, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\HotSync Manager.LNK = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\David Batista\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://download.microsoft.com/downl...-a3de-373c3e5552fc/msSecAdv.cab?1080172047671 (MSSecurityAdvisor Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} http://www.webshots.com/samplers/WSDownloader.ocx (WSDownloader Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1216138451140 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164772634593 (MUWebControl Class)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} http://www.microsoft.com/security/controls/DoomCln.CAB (DoomCln Object)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4342/mcfscan.cab (McFreeScan Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David Batista\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Batista\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/21 05:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\OTL3
[2011/08/21 05:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/08/21 03:27:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/20 21:20:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/20 21:20:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/20 21:20:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/20 21:20:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/20 21:20:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/20 21:20:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David Batista\Start Menu\Programs\Administrative Tools
[2011/08/20 20:02:04 | 004,179,400 | R--- | C] (Swearware) -- C:\Documents and Settings\David Batista\Desktop\ComboFix.exe
[2011/08/20 17:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\OTL2
[2011/08/20 17:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\tdsskiller
[2011/08/20 11:59:52 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\David Batista\Desktop\aswMBR.exe
[2011/08/20 10:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\Logs
[2011/08/19 19:31:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/08/18 22:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Start Menu\Programs\HiJackThis
[2011/08/13 19:51:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Batista\Desktop\Justified Season 2
[2011/07/23 11:15:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/07/23 11:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2006/03/25 20:23:03 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/21 05:18:09 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/08/21 05:16:56 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/21 05:16:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/08/21 03:26:42 | 004,179,400 | R--- | M] (Swearware) -- C:\Documents and Settings\David Batista\Desktop\ComboFix.exe
[2011/08/20 17:12:22 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\tdsskiller.zip
[2011/08/20 17:07:18 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\rkill.exe
[2011/08/20 16:08:57 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\exeHelper.com
[2011/08/20 11:59:52 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\David Batista\Desktop\aswMBR.exe
[2011/08/20 11:59:19 | 000,580,096 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\OTL.exe
[2011/08/20 10:59:11 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/19 18:19:22 | 072,274,320 | ---- | M] () -- C:\Documents and Settings\David Batista\Desktop\msert.exe
[2011/08/18 23:03:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/13 21:52:13 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 12:13:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/10 18:03:29 | 000,460,718 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/10 18:03:29 | 000,079,804 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/08/10 17:59:10 | 052,390,856 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
[2011/07/31 13:05:34 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/07/31 13:05:34 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/07/25 11:17:44 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/20 21:20:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/20 21:20:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/20 21:20:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/20 21:20:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/20 21:20:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/20 17:12:22 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\tdsskiller.zip
[2011/08/20 17:07:16 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\rkill.exe
[2011/08/20 16:08:57 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\exeHelper.com
[2011/08/20 11:59:17 | 000,580,096 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\OTL.exe
[2011/08/19 18:19:17 | 072,274,320 | ---- | C] () -- C:\Documents and Settings\David Batista\Desktop\msert.exe
[2011/05/29 13:02:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/29 13:02:53 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/08 18:05:09 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat.temp
[2011/04/08 17:08:21 | 000,207,553 | ---- | C] () -- C:\WINDOWS\hpwins28.dat
[2011/04/08 17:08:21 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat
[2011/01/09 19:13:14 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/01/08 12:23:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/01/05 20:50:26 | 000,003,018 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2011/01/05 20:49:12 | 000,522,928 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/01/05 20:49:12 | 000,017,766 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/12/27 02:45:44 | 000,365,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/14 22:13:04 | 000,055,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/03/12 18:45:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/02/16 11:54:31 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/02/16 11:54:31 | 000,003,453 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/06/20 22:44:39 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/12/25 15:08:14 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/29 20:43:15 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2006/06/05 22:00:42 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\DC5F143025.sys
[2006/01/29 17:40:02 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2530145FDC.sys
[2006/01/29 17:37:52 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/12 01:15:15 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/12 01:15:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/11/23 00:00:00 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005/11/06 23:30:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/11/06 23:19:14 | 000,000,907 | ---- | C] () -- C:\WINDOWS\DIPLOMA.INI
[2005/11/06 23:19:08 | 000,000,143 | ---- | C] () -- C:\WINDOWS\BRGVARS.INI
[2005/11/06 23:18:21 | 000,000,367 | ---- | C] () -- C:\WINDOWS\SETUPEXE.INI
[2005/11/02 23:20:48 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/26 15:37:48 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/08/12 17:57:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/11 23:33:09 | 052,390,856 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2005/03/05 20:35:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/12/04 21:20:04 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\fusioncache.dat
[2004/11/28 18:58:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/09/30 18:37:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/06 16:05:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/06/16 21:44:49 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2004/03/29 22:19:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2004/03/27 18:43:43 | 000,095,440 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2004/03/27 18:43:40 | 000,009,372 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/03/21 23:10:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\StaticIm.dll
[2004/03/21 23:10:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VService.dll
[2004/02/28 01:30:47 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2004/02/21 19:40:33 | 000,003,859 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/02/21 17:04:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2004/02/21 17:03:51 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2004/02/21 17:03:01 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/02/21 17:01:55 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2004/02/21 17:00:25 | 000,001,652 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2004/02/21 17:00:25 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/02/21 17:00:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2004/02/21 03:27:14 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\David Batista\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/21 03:21:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2004/02/21 01:54:56 | 000,000,427 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2004/02/17 04:57:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/02/17 04:48:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/02/17 04:45:36 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/02/17 04:41:25 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/02/17 04:40:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/02/17 04:37:36 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/02/17 04:25:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/02/17 04:23:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/02/17 04:23:34 | 000,460,718 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/02/17 04:23:34 | 000,079,804 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/02/17 04:23:23 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/02/17 04:11:26 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/08/14 00:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/26 10:23:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBLIH.EXE
[2003/03/26 10:19:44 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/09/03 11:05:08 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 10:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 10:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 10:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 10:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 07:00:00 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\serial.sys
[2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2001/07/19 10:52:39 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2007/08/18 14:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2007/08/18 14:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/08/18 22:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/08/16 17:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2004/11/28 19:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2006/03/26 17:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2004/02/17 04:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/23 01:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2006/12/23 20:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/09 13:58:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/04/01 21:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 21:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/20 19:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/01 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Canon
[2008/09/28 15:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\CoreCodec
[2011/08/21 05:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Dropbox
[2009/07/25 12:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\FUJIFILM
[2007/08/18 14:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\HotSync
[2009/11/24 21:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\ieSpell
[2011/01/08 15:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\iolo
[2010/08/16 17:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Juniper Networks
[2004/02/21 17:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Leadertech
[2006/08/29 20:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Musicmatch
[2005/10/07 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Red Chair Software
[2007/01/28 14:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Batista\Application Data\Viewpoint
[2011/08/18 23:03:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2001/08/17 15:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
[2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2004/09/30 18:41:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/07/22 22:04:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2003/04/23 11:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 03:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 07:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 03:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 03:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 07:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[15 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/09/03 10:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\DEFAULT.SAV
[2002/09/03 10:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\SOFTWARE.SAV
[2002/09/03 10:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\config\SYSTEM.SAV

< End of report >
=========================================================


--Ryodin
 
Here is the Extras log:


=========================================================
OTL Extras logfile created on: 8/21/2011 5:27:38 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\David Batista\Desktop\OTL3
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.53% Memory free
3.85 Gb Paging File | 3.17 Gb Available in Paging File | 82.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.73 Gb Total Space | 37.75 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
Drive F: | 931.48 Gb Total Space | 657.48 Gb Free Space | 70.58% Space Free | Partition Type: NTFS

Computer Name: D139KB41 | User Name: David Batista | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Palm\HOTSYNC.EXE" = C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
"C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe" = C:\Program Files\Red Chair Software\Dudebox Explorer\dudemgr.exe:*:Enabled:Red Chair Manager -- (Red Chair Software, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe" = C:\Program Files\Red Chair Software\Deubox Explorer\deumgr.exe:*:Enabled:Deubox Xtreamer -- (Red Chair Software, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe" = C:\Program Files\HP\Digital Imaging\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{26C849AB-1865-412D-B87D-B18BC5CB6C60}" = OpenMG Secure Module 3.4.01
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.0.06
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}" = EarthLink Setup Files
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload Software
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB807EB6-5179-48B7-98D4-7B4934A57A81}" = Documents To Go
"{ED55BFEF-90F3-4926-9536-D94FDBBF65DC}" = Zune
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F445476A-42DE-11D4-80D0-00C04F2750A6}" = Epocrates Essentials
"{FA66D65A-6413-43AF-8F29-B22EFEC29869}" = Diagnosaurus
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"360Share" = 360Share(remove only)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"AudibleDownloadManager" = Audible Download Manager
"BitLord" = BitLord 1.1
"BitTorrent" = BitTorrent 3.4.1
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V.9x 56K DF PCI Modem
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell File Manager" = Dell File Manager
"Deubox Explorer" = Deubox Explorer (remove only)
"Dudebox Explorer" = Dudebox Explorer (remove only)
"E0429B4C05C33DC75CE1CFFF1BAEFFAC69815744" = Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
"EOS Utility" = Canon Utilities EOS Utility
"FLV Player2.0.25" = FLV Player
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{523BD5B6-E904-493C-B902-1BC9B7D44DF4}" = Lexmark Photo Center
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Java Web Start" = Java Web Start
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV TO AVI CONVERTER_is1" = MKV TO AVI CONVERTER version 3.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape (7.1)" = Netscape (7.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"OpenMG HotFix3.4-04-14-17-01" = OpenMG Limited Patch 3.4-04-17-06-01
"Optimum Online net guide" = Optimum Online net guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Scrivener 021" = Scrivener
"Scrivener 022" = Scrivener
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Super Bounce Out!" = Super Bounce Out!
"System Requirements Lab" = System Requirements Lab
"The Core Media Player" = The Core Media Player 4.0
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Webshots Desktop" = Webshots Desktop
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Adobe Digital Editions" = Adobe Digital Editions
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Lexi-CONNECT" = Lexi-CONNECT

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/20/2011 11:05:11 PM | Computer Name = D139KB41 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/26/2011 1:04:52 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/9/2011 8:34:09 PM | Computer Name = D139KB41 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19088, fault address 0x0029c203.

Error - 7/21/2011 5:06:54 PM | Computer Name = D139KB41 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2011 1:06:33 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 7/31/2011 1:05:52 PM | Computer Name = D139KB41 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/3/2011 11:31:24 PM | Computer Name = D139KB41 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/21/2011 3:39:35 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 8/21/2011 3:39:35 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 8/21/2011 4:51:02 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/21/2011 5:08:53 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/21/2011 5:18:44 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = ZuneNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in the Zune software,
and then restart the ZuneNetworkSvc service.

Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = ZuneNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in the Zune software,
and then restart the ZuneNetworkSvc service.

Error - 8/21/2011 5:18:46 AM | Computer Name = D139KB41 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 8/21/2011 5:52:40 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/21/2011 6:10:31 AM | Computer Name = D139KB41 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >
=========================================================


--Ryodin
 
Oh, I know. I looked for it, but it's not there. There's a folder called "ComboFix" on my C: drive, but when I double click on it, it shows me an identical map of my "My Computer" folder. Meaning, I see all my drives and external hardware listed just as if I had clicked open the "My Computer" folder. It's strange. I can't find a .txt file related to ComboFix anywhere, either.

As I mentioned before, I can't seem to get to the end of the scan with ComboFix where it generates a log.
 
Bill,

I just received a warning from my McAfee Security Center informing me that it is blocking a potentially unwanted program from running on my PC.

Here's the message:

"About This Potentially Unwanted Program
Name: Tool-NirCmd
Quarantined from: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP921\A0129834.exe"

McAfee is asking me if I want to "Remove" or "Allow" the program. What should I do?

--Ryodin
 
That file is in the C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624} witch is the location of your system restore point data and files. I would leave it. We will delete all old restore points that may contain infections, soon. If you wish you can turn off system restore now and loose all of your restore points and data, restart system restore and create a restore point now.
 
Okay, I'll leave it. And I don't want to mess around with the system restore points until we're completely done.

Thanks, Bill!

--Ryodin
 
Greetings Ryodin,
We really need to see the combofix log, so let's try it this way. Please note there are a couple of changed steps.

First
Boot to Safe mode with networking by restarting your PC and begin tapping the F8 key at one second intervals. When the Windows Advanced Options menu appears use the arrow key to scroll down to Safe Mode with Networking. Hit enter and boot to a desktop.

Next
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
Download Combofix from any of the links below. Save it to your desktop. When saving select Save As ... and change the name to ryod.exe.

Link 1
Link 2


CF_download_FF.gif


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


CFRCNeeded.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
CF2.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
I booted up in Safe Mode and am running ComboFix now.

The scan started at 4:20. It made it to Stage 50 complete at 4:35. It's 4:50 now and it has not gone beyond this point. Just as before, I'm fearing that this may be the best I can get out of ComboFix. The last time it sat there after Stage 50 complete for an hour before I gave up and shut it down.

I get the feeling this is going to happen again, even though it's only been 15 minutes. I'm leaving it running for now, but I'm not so sure it's going to make a difference.


--Ryodin
 
Quick update.

It's been over 2 hours now and still no change. The c:\Autoscan window is still open, and the command prompt is still blinking, but nothing has finalized.

Since I have no other options at this point, I suppose I'll just keep ComboFix running all night. If there's something else you want me to try, I'll do it. But for now I won't reply back tonight unless something changes.

--Ryodin
 
Well, looks like I have to learn a little patience. :D:

It took 5 hours, but it seems I've got my ComboFix log for you after all! I'm pasting it below. For now I'm keeping my PC in Safe Mode. Let me know if it is safe for me to reboot into normal mode.

========================================================
ComboFix 11-08-21.01 - David Batista 08/21/2011 16:19:14.5.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1683 [GMT -4:00]
Running from: c:\documents and settings\David Batista\Desktop\ryod.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))
.
.
2011-08-19 23:31 . 2011-08-19 23:31 -------- d--h--w- c:\windows\PIF
2011-08-19 02:16 . 2011-08-19 02:16 388096 ----a-r- c:\documents and settings\David Batista\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-23 15:02 . 2011-07-23 15:02 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 16:13 . 2011-05-19 02:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 17:20 . 2011-01-09 18:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-03-26 00:22 . 2006-03-26 00:23 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\documents and settings\David Batista\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-17 327680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-2-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Red Chair Software\\Dudebox Explorer\\dudemgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Red Chair Software\\Deubox Explorer\\deumgr.exe"=
"c:\\Documents and Settings\\David Batista\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/9/2011 2:00 PM 64288]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/8/2010 3:40 PM 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/8/2010 3:40 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/8/2010 3:41 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/8/2010 3:41 PM 148520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/8/2010 3:40 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/8/2010 3:40 PM 83688]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/8/2010 3:40 PM 214904]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 11:41 AM 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 11:45 AM 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 11:44 AM 484352]
S3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/8/2010 3:40 PM 57432]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 AM 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 5:05 AM 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/8/2010 3:40 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/8/2010 3:40 PM 85984]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 11:19]
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-21 21:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\System32\l3codeca.acm
c:\windows\system32\DivXa32.acm
.
- - - - - - - > 'explorer.exe'(824)
c:\windows\system32\WININET.dll
c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-08-21 21:21:05
ComboFix-quarantined-files.txt 2011-08-22 01:20
ComboFix2.txt 2008-07-22 22:54
.
Pre-Run: 42,585,219,072 bytes free
Post-Run: 73,111,101,440 bytes free
.
- - End Of File - - 132128C627B6F54B188D0BA44F6C22D4
========================================================


--Ryodin
 
Are there any other programs to run or steps to take? I get the feeling I'm not done yet, correct?

And I still cannot delete the corrupted .exe files from off my desktop.

--Ryodin
 
Greetings Ryodin,

Please go to one of the below sites to scan the following files:
Virus Total
VirScan
jotti.org

click on Browse, and upload the following file for analysis:
C:\WINDOWS\System32\DC5F143025.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
When done please do this file also, C:\WINDOWS\System32[\2530145FDC.sys
 
Bill,

Okay, I analyzed the first file and here are the results below. I'll analyze the second file in a follow-up post.


=========================================================
Antivirus Version Last Update Result
AhnLab-V3 2011.08.23.01 2011.08.23 -
AntiVir 7.11.13.192 2011.08.23 -
Antiy-AVL 2.0.3.7 2011.08.23 -
Avast 4.8.1351.0 2011.08.23 -
Avast5 5.0.677.0 2011.08.23 -
AVG 10.0.0.1190 2011.08.23 -
BitDefender 7.2 2011.08.23 -
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.08.23 -
ClamAV 0.97.0.0 2011.08.23 -
Commtouch 5.3.2.6 2011.08.23 -
Comodo 9847 2011.08.23 -
DrWeb 5.0.2.03300 2011.08.23 -
Emsisoft 5.1.0.10 2011.08.23 -
eSafe 7.0.17.0 2011.08.22 -
eTrust-Vet 36.1.8516 2011.08.23 -
F-Prot 4.6.2.117 2011.08.23 -
F-Secure 9.0.16440.0 2011.08.23 -
Fortinet 4.2.257.0 2011.08.23 -
GData 22 2011.08.23 -
Ikarus T3.1.1.107.0 2011.08.23 -
Jiangmin 13.0.900 2011.08.23 -
K7AntiVirus 9.111.5047 2011.08.23 -
Kaspersky 9.0.0.837 2011.08.23 -
McAfee 5.400.0.1158 2011.08.23 -
McAfee-GW-Edition 2010.1D 2011.08.23 -
Microsoft 1.7604 2011.08.23 -
NOD32 6404 2011.08.23 -
Norman 6.07.10 2011.08.23 -
nProtect 2011-08-23.01 2011.08.23 -
Panda 10.0.3.5 2011.08.23 -
PCTools 8.0.0.5 2011.08.23 -
Prevx 3.0 2011.08.23 -
Rising 23.72.01.03 2011.08.23 -
Sophos 4.68.0 2011.08.23 -
SUPERAntiSpyware 4.40.0.1006 2011.08.23 -
Symantec 20111.2.0.82 2011.08.23 -
TheHacker 6.7.0.1.282 2011.08.22 -
TrendMicro 9.500.0.1008 2011.08.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.23 -
VBA32 3.12.16.4 2011.08.23 -
VIPRE 10248 2011.08.23 -
ViRobot 2011.8.23.4635 2011.08.23 -
VirusBuster 14.0.181.1 2011.08.22 -
Additional informationShow all
MD5 : 0641a46f1e58529a42ead4573a3a0861
SHA1 : 2fa91927668fb0b3a4da32722825e15080cb5c21
SHA256: 9d7d948ef1329cc1db5fb77cbe9ed7bbf7d74cd8be1ad214689ebbe52a2267cb
ssdeep: 3:hl/n:r
File size : 8 bytes
First seen: 2008-03-02 16:02:20
Last seen : 2011-08-23 17:13:19
TrID:
MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
=========================================================


--Ryodin
 
And here is the second file analyzed:


========================================================
File name: 2530145FDC.sys
Submission date: 2011-08-23 17:21:05 (UTC)
Current status: queued queued analysing finished


Result: 0/ 44 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.08.23.01 2011.08.23 -
AntiVir 7.11.13.192 2011.08.23 -
Antiy-AVL 2.0.3.7 2011.08.23 -
Avast 4.8.1351.0 2011.08.23 -
Avast5 5.0.677.0 2011.08.23 -
AVG 10.0.0.1190 2011.08.23 -
BitDefender 7.2 2011.08.23 -
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.08.23 -
ClamAV 0.97.0.0 2011.08.23 -
Commtouch 5.3.2.6 2011.08.23 -
Comodo 9847 2011.08.23 -
DrWeb 5.0.2.03300 2011.08.23 -
Emsisoft 5.1.0.10 2011.08.23 -
eSafe 7.0.17.0 2011.08.22 -
eTrust-Vet 36.1.8516 2011.08.23 -
F-Prot 4.6.2.117 2011.08.23 -
F-Secure 9.0.16440.0 2011.08.23 -
Fortinet 4.2.257.0 2011.08.23 -
GData 22 2011.08.23 -
Ikarus T3.1.1.107.0 2011.08.23 -
Jiangmin 13.0.900 2011.08.23 -
K7AntiVirus 9.111.5047 2011.08.23 -
Kaspersky 9.0.0.837 2011.08.23 -
McAfee 5.400.0.1158 2011.08.23 -
McAfee-GW-Edition 2010.1D 2011.08.23 -
Microsoft 1.7604 2011.08.23 -
NOD32 6404 2011.08.23 -
Norman 6.07.10 2011.08.23 -
nProtect 2011-08-23.01 2011.08.23 -
Panda 10.0.3.5 2011.08.23 -
PCTools 8.0.0.5 2011.08.23 -
Prevx 3.0 2011.08.23 -
Rising 23.72.01.03 2011.08.23 -
Sophos 4.68.0 2011.08.23 -
SUPERAntiSpyware 4.40.0.1006 2011.08.23 -
Symantec 20111.2.0.82 2011.08.23 -
TheHacker 6.7.0.1.282 2011.08.22 -
TrendMicro 9.500.0.1008 2011.08.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.23 -
VBA32 3.12.16.4 2011.08.23 -
VIPRE 10248 2011.08.23 -
ViRobot 2011.8.23.4635 2011.08.23 -
VirusBuster 14.0.181.1 2011.08.22 -
Additional informationShow all
MD5 : 521d9a238efc6f855bb98ea868a8ec55
SHA1 : 5c336f141a8496ff44b80e744cbac6f3f54fc6f8
SHA256: b1bd8cbc91e6d5c668f902c5cd8c2c3a97905e3389f5c24cac238791390b21bc
=========================================================


Apparently both files came back with 0.0% results.

--Ryodin
 
Status
Not open for further replies.
Back
Top