Google redirect + Fraud Defense Center + McAfee auto update issue

Hi again, I think I misread your question before.
The Combofix log shown in my earlier post was from when I ran it yesterday. The issue with the Combofix icon disappearing when I tried to drag the script into it did occur after I had reinstalled McAfee. I guess it really doesn’t like the Combofix program??

During the McAfee install I was prompted to uninstall Spybot, but that seems to be the only program on my Desktop that does work, so I left it installed despite McAfee’s prompts to remove it. (By the way, I made sure to disable Spybot prior to running Combofix & getting that earlier report.)

The Kaspersky scan is taking quite a while to run, so I’m going to go ahead and post the new DDS log & call it a night (it’s 3:20 am where I am). If you get this message, can you advise me whether I should uninstall McAfee/reinstall Combofix? Will I be able to reinstall it again from their site?

When I get back online later today, I’ll post the Kaspersky log & hopefully know what you suggest for my McAfee problem. Thank you for your patience & your help!

DDS (Ver_10-10-10.03) - NTFSx86
Run by - J.B. - at 3:25:16.40 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.1215 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\C Technologies\C-Pen 20\CPen20.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe
C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\- J.B. -\AppData\Local\Temp\jkos-- J.B. -\binaries\ScanningProcess.exe
C:\Users\- J.B. -\AppData\Local\Temp\jkos-- J.B. -\binaries\ScanningProcess.exe
C:\Program Files\microsoft office\office12\winword.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\- J.B. -\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/p/1.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\-jb~1.-\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\c-pen2~1.lnk - c:\windows\installer\{e4cee700-1875-4214-9cbe-6058f5cf400e}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-10-14 54776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-1-30 179712]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-14 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-14 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-30 40552]
S3 CPen20;C-Pen 20;c:\windows\system32\drivers\CPen20.sys [2008-5-14 14382]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-30 34248]
S3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\drivers\pendfu.sys [2008-5-14 32376]

=============== Created Last 30 ================

2010-10-14 05:55:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 04:53:27 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-14 04:53:26 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-14 04:51:17 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 04:51:17 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 04:51:15 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-10-13 23:56:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:56:50 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:55:01 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:50:00 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:50:00 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:49:31 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:49:29 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:49:25 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 17:09:07 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-13 16:57:13 98816 ----a-w- c:\windows\sed.exe
2010-10-13 16:57:13 77312 ----a-w- c:\windows\MBR.exe
2010-10-13 16:57:13 256512 ----a-w- c:\windows\PEV.exe
2010-10-13 16:57:13 161792 ----a-w- c:\windows\SWREG.exe
2010-10-13 16:57:07 -------- d-----w- C:\ComboFix
2010-10-12 16:27:23 -------- d-----r- c:\users\- j.b. -\Favorites
2010-10-12 15:37:12 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c8a7157c-dcbb-47a8-acb2-f8115ef10425}\mpengine.dll
2010-10-05 02:05:39 -------- d-----w- c:\progra~2\Citrix
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Videos
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Pictures
2010-10-05 00:55:22 -------- d-----r- c:\users\- j.b. -\Documents
2010-09-28 22:40:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18:28 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-15 05:00:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-09-15 01:17:57 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:10:57 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:10:28 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:01:42 739328 ----a-w- c:\windows\system32\inetcomm.dll

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 3:27:29.29 ===============
 
If you get this message, can you advise me whether I should uninstall McAfee/reinstall Combofix? Will I be able to reinstall it again from their site?
As I said earlier, it's better to keep McAfee uninstalled until we've finished with ComboFix. I'm not very familiar with McAfee, but I assume you'll be able to use the downloaded version as long as you use your valid subscription license.

Also, Spybot shouldn't interfere with McAfee.
 
Hi & thanks for getting back to me. I think I've screwed things up pretty good this time. I went ahead & tried to uninstall McAfee & McAfee virtual technician. When I restarted, I had the exact same issue I had before when McAfee auto-updated and moved everything - the exact thing I described in my very first post. I tried to get a new DDS log, but every time I double-click the icon, I get the dialog box for about 2 seconds, then it disappears & doesn't produce any reports. When I ran the Kaspersky scan last night it did not pick up anything. One other thing I noted: when I restarted this last time, I got a Registry Editor notification stating:

"C:\windows\regedit.exe"\S
"C:\Program files\C Technologies\C-Pen20\Default.reg"

(C-Pen is a handheld scanner I've used for a couple years for scanning stuff from my textbooks into word files for school.)
 
Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Copy-paste the following contents into the custom scan area:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
 
Thanks for getting back to me. One additional thing I noticed by accident - I got frustrated when my Desktop got reset again & my files were moved, so I restarted my laptop again just to see what it would do... Everything moved back again - my files, my desktop wallpaper, programs - all back on my Desktop. DDS still wouldn't run & Combofix was still missing (& my Windows Media Player wouldn't work for some reason). Anyway, I just thought I'd let you know. Here's the OTL.txt:

OTL logfile created on: 10/15/2010 1:12:21 AM - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\- J.B. -\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 162.97 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.33 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: JB-PC | User Name: - J.B. - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\- J.B. -\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell Support Center\gs_agent\dsc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\C Technologies\C-Pen 20\CPenOCR.exe ()
PRC - C:\Program Files\C Technologies\C-Pen 20\CPenDesk.exe (Anoto AB)
PRC - C:\Program Files\C Technologies\C-Pen 20\CPen20.exe (Anoto AB)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Brownie\brpjp04a.exe (brother)
PRC - C:\Program Files\Brownie\BrStsWnd.exe (brother)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\- J.B. -\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe File not found
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe File not found
SRV - (MOBCleanup) -- C:\Users\TEMP\AppData\Local\Temp\MOBCleanup.exe File not found
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe File not found
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe File not found
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe File not found
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe File not found
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe File not found
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe File not found
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\-JB~1.-\AppData\Local\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (pendfu) PenDfu (pendfu.sys) -- C:\Windows\System32\drivers\pendfu.sys (Anoto AB)
DRV - (CPen20) -- C:\Windows\System32\drivers\CPen20.sys (Anoto)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/1.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/10/14 15:55:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.8.205.2 204.8.205.6
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\- J.B. -\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/15 00:51:57 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\- J.B. -\Desktop\OTL.exe
[2010/10/14 01:58:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\- J.B. -\Desktop\ATF-Cleaner.exe
[2010/10/14 01:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/14 01:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/14 01:55:59 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/14 01:55:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/14 01:55:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/14 01:55:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 01:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/14 01:48:24 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\- J.B. -\Desktop\jre-6u22-windows-i586.exe
[2010/10/14 00:53:27 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\Windows\System32\drivers\MOBK.sys
[2010/10/14 00:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/10/14 00:51:17 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/10/14 00:51:17 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/10/14 00:51:15 | 000,130,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\Mpfp.sys
[2010/10/13 19:56:50 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 19:55:01 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 19:54:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 19:54:07 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 19:54:04 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 19:54:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 19:54:03 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 19:54:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 19:54:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 19:54:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 19:54:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 19:54:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 19:54:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 19:54:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 19:54:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 19:54:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 19:54:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 19:54:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 19:54:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 19:54:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 19:54:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 19:50:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 19:50:00 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 19:49:31 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 19:49:29 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/13 13:09:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/13 13:09:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/13 12:57:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/13 12:57:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/13 12:57:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/13 12:57:07 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/10/13 12:56:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/13 12:56:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/12 23:57:04 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\patton_oswalt-my_weakness_is_strong(2009)
[2010/10/12 17:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/12 12:27:23 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Favorites
[2010/10/10 01:57:10 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\MALWARE REMOVAL (2010)
[2010/10/08 21:37:57 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\metalheadz_platinum-seba-methpla010-web-2010
[2010/10/05 22:40:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/05 22:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\-unshared-
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\tunes to clean up or edit in goldwave
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\tracks to add to mp3 player
[2010/10/04 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\stuff to move to another hard_drive
[2010/10/04 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\still_need_to_listen_to
[2010/10/04 23:05:19 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Soulseek Chat Logs
[2010/10/04 23:04:59 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\random_word_documents
[2010/10/04 23:04:55 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\OneNote Notebooks
[2010/10/04 23:02:26 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\ODU_Classes
[2010/10/04 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Non-DnB(removed from laptop to save space)
[2010/10/04 22:52:47 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\lisa_gerrard-departum
[2010/10/04 22:47:17 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\JANES SHOWS
[2010/10/04 22:47:02 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+resume_(revisions-etc.)
[2010/10/04 22:47:02 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+INCOMING+
[2010/10/04 22:46:50 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\++need to listen to these
[2010/10/04 22:45:20 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\+ tracks for CD
[2010/10/04 22:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/10/04 20:58:26 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\My Google Gadgets
[2010/10/04 20:58:09 | 000,000,000 | ---D | C] -- C:\Users\- J.B. -\Documents\Bluetooth Exchange Folder
[2010/10/04 20:55:26 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Videos
[2010/10/04 20:55:25 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Pictures
[2010/10/04 20:55:25 | 000,000,000 | -HSD | C] -- C:\Users\- J.B. -\Documents\My Music
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Videos
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Pictures
[2010/10/04 20:55:22 | 000,000,000 | R--D | C] -- C:\Users\- J.B. -\Documents
[2010/09/28 18:40:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/07/24 00:19:41 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\- J.B. -\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/10/15 01:01:05 | 000,000,319 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/15 01:00:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 01:00:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/15 01:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/15 01:00:37 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 01:00:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/15 01:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/10/15 00:51:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\- J.B. -\Desktop\OTL.exe
[2010/10/14 21:28:24 | 000,544,768 | ---- | M] () -- C:\Users\- J.B. -\Desktop\dds.com
[2010/10/14 21:06:57 | 000,005,972 | ---- | M] () -- C:\Users\- J.B. -\AppData\Local\d3d9caps.dat
[2010/10/14 15:54:31 | 000,007,454 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/10/14 03:30:11 | 000,001,895 | ---- | M] () -- C:\Users\- J.B. -\Documents\Attach-Oct.14.zip
[2010/10/14 01:58:15 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\- J.B. -\Desktop\ATF-Cleaner.exe
[2010/10/14 01:55:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/14 01:55:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/14 01:55:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/14 01:55:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/14 01:48:26 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\- J.B. -\Desktop\jre-6u22-windows-i586.exe
[2010/10/14 00:58:14 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/10/14 00:58:03 | 000,371,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/13 16:27:50 | 000,012,843 | ---- | M] () -- C:\Users\- J.B. -\Documents\advantages_of_finishing_college_at_my_age.docx
[2010/10/13 00:10:44 | 000,184,832 | ---- | M] () -- C:\Users\- J.B. -\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/12 17:48:42 | 000,000,848 | ---- | M] () -- C:\Users\- J.B. -\Desktop\foobar2000.lnk
[2010/10/10 18:25:09 | 000,647,048 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/10 18:25:09 | 000,122,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/05 18:27:19 | 002,922,470 | ---- | M] () -- C:\Users\- J.B. -\Documents\performance report - 10-05-10.html
[2010/09/20 20:59:39 | 000,008,196 | ---- | M] () -- C:\Users\- J.B. -\Documents\updated cd for car (non-dnb).fpl
[2010/09/20 20:54:54 | 007,355,435 | ---- | M] () -- C:\Users\- J.B. -\Documents\janes-True Nature.mp3

========== Files Created - No Company Name ==========

[2010/10/14 03:30:11 | 000,001,895 | ---- | C] () -- C:\Users\- J.B. -\Documents\Attach-Oct.14.zip
[2010/10/14 00:54:50 | 000,007,454 | ---- | C] () -- C:\Windows\System32\Config.MPF
[2010/10/14 00:51:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/10/14 00:51:01 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/10/13 16:27:50 | 000,012,843 | ---- | C] () -- C:\Users\- J.B. -\Documents\advantages_of_finishing_college_at_my_age.docx
[2010/10/13 12:57:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/13 12:57:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/13 12:57:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/13 12:57:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/13 12:57:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/12 17:48:42 | 000,000,848 | ---- | C] () -- C:\Users\- J.B. -\Desktop\foobar2000.lnk
[2010/10/12 17:19:49 | 000,544,768 | ---- | C] () -- C:\Users\- J.B. -\Desktop\dds.com
[2010/10/05 18:28:52 | 002,922,470 | ---- | C] () -- C:\Users\- J.B. -\Documents\performance report - 10-05-10.html
[2010/10/04 23:09:21 | 007,469,543 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-waters_run_deep_(balibo_soundtrack).mp3
[2010/10/04 23:09:19 | 011,226,123 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-the_invasion_(balibo_soundtrack).mp3
[2010/10/04 23:09:17 | 011,424,300 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-a_passage_for_truth_(balibo_soundtrack).mp3
[2010/10/04 23:09:17 | 010,929,420 | ---- | C] () -- C:\Users\- J.B. -\Documents\lisa_gerrard-childhood_reflections_(balibo_soundtrack).mp3
[2010/10/04 23:09:16 | 007,355,435 | ---- | C] () -- C:\Users\- J.B. -\Documents\janes-True Nature.mp3
[2010/10/04 23:09:16 | 000,009,055 | ---- | C] () -- C:\Users\- J.B. -\Documents\feb26playlist for cd.fpl
[2010/10/04 23:09:16 | 000,005,549 | ---- | C] () -- C:\Users\- J.B. -\Documents\june8.fpl
[2010/10/04 23:09:07 | 061,619,304 | ---- | C] () -- C:\Users\- J.B. -\Documents\fanu-presents_allfanumix_vol6.mp3
[2010/10/04 23:09:07 | 000,060,094 | ---- | C] () -- C:\Users\- J.B. -\Documents\DnB_links-July2010.docx
[2010/10/04 23:09:07 | 000,012,372 | ---- | C] () -- C:\Users\- J.B. -\Documents\driving_music-master_tracklist.docx
[2010/10/04 23:08:59 | 055,257,646 | ---- | C] () -- C:\Users\- J.B. -\Documents\dj_lee_march2010_podcast.mp3
[2010/10/04 23:08:59 | 000,006,567 | ---- | C] () -- C:\Users\- J.B. -\Documents\deftones_for_the_car.fpl
[2010/10/04 22:45:20 | 000,063,791 | ---- | C] () -- C:\Users\- J.B. -\Documents\torrent help thread.htm
[2010/10/04 22:45:20 | 000,009,374 | ---- | C] () -- C:\Users\- J.B. -\Documents\updated cd for car-non-dnb.fpl
[2010/10/04 22:45:20 | 000,008,196 | ---- | C] () -- C:\Users\- J.B. -\Documents\updated cd for car (non-dnb).fpl
[2010/10/04 22:45:19 | 000,129,781 | ---- | C] () -- C:\Users\- J.B. -\Documents\spyware_removal_help_page.htm
[2010/10/04 22:45:18 | 046,993,281 | ---- | C] () -- C:\Users\- J.B. -\Documents\silent_witness-reprise_podcast006.mp3
[2010/10/04 22:45:18 | 000,009,789 | ---- | C] () -- C:\Users\- J.B. -\Documents\new non-dnb cd for car.fpl
[2010/02/07 19:51:12 | 000,005,972 | ---- | C] () -- C:\Users\- J.B. -\AppData\Local\d3d9caps.dat
[2010/01/17 03:00:41 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/01/17 03:00:40 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/01/17 03:00:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/01/17 03:00:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/01/17 03:00:38 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/19 23:58:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/11 22:47:15 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2009/02/09 17:06:52 | 000,184,832 | ---- | C] () -- C:\Users\- J.B. -\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/06 20:59:30 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2009/02/06 20:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2009/02/06 20:58:45 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/02/06 20:58:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2009/02/06 20:58:41 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2009/02/06 20:56:51 | 000,000,319 | ---- | C] () -- C:\Windows\Brownie.ini
[2009/01/30 15:59:55 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/01/30 15:59:55 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/01/30 15:59:55 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/01/30 15:59:55 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/01/30 15:59:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/07/25 18:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/13 13:09:39 | 000,007,842 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/01/30 16:00:03 | 000,005,298 | RH-- | M] () -- C:\dell.sdr
[2010/10/15 01:00:37 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/15 01:00:36 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys
[2009/01/30 14:49:15 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-14 04:31:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Extras.txt:

OTL Extras logfile created on: 10/15/2010 1:04:30 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\- J.B. -\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 162.95 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.33 Gb Free Space | 43.25% Space Free | Partition Type: NTFS

Computer Name: JB-PC | User Name: - J.B. - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BD8E66E1-3997-4359-9870-570E00A09E57}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055E6E02-D0BF-4BED-B3B4-317BC1A99056}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{1DB223F0-BC09-4ABA-80E0-0BB3E5B552BF}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{360650E4-3995-4851-B22A-31DF18A75871}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{496CF3E1-64F6-4136-A357-D2E22DDF0C8E}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{7711935B-733E-4A4D-A79A-383579CE477D}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{799C5325-E5A8-4FC2-BEDB-DFAA6F842569}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{7BDA1E6E-22CA-40CB-A1C9-5565AD6FE91A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{8BF0204E-C3B7-4185-AA83-DA105AD16435}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{918F1C52-FAB5-49D6-BB6B-478ABDEFAB08}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{A12B8B20-8F76-4323-9F6A-132548D3059B}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{A86056D7-42A2-47FF-A482-B2E4BF041C2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E402FA13-38B4-4CA6-A862-4E5B71770293}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F74486B3-EAF9-4077-8C81-CAF31077F184}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"TCP Query User{025C1B0C-C104-4F3A-B528-184655D479D6}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{CA3A09BB-E8D9-43AB-9D91-B8BDE6EE1A05}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{5A924482-72B8-4E1F-91CE-27EA706A93AF}" = Brother HL-2140
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4CEE700-1875-4214-9CBE-6058F5CF400E}" = Ectaco C-Pen 20
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v0.9.6.2
"GoldWave v5.52" = GoldWave v5.52
"Google Desktop" = Google Desktop
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"ProInst" = Intel(R) PROSet/Wireless Software
"ULTIMATER" = Microsoft Office Ultimate 2007
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2010 8:16:38 PM | Computer Name = JB-PC | Source = VSS | ID = 8193
Description =

Error - 10/11/2010 12:44:23 AM | Computer Name = JB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module IEShims.dll, version 8.0.6001.18943, time stamp 0x4c25980e,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x394, application
start time 0x01cb68fef96542c0.

Error - 10/11/2010 2:43:58 PM | Computer Name = JB-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module SHELL32.dll, version 6.0.6002.18287, time stamp 0x4c4daf14,
exception code 0xc0000005, fault offset 0x0006b96d, process id 0x156c, application
start time 0x01cb696a8b3f89b0.

Error - 10/12/2010 11:36:33 AM | Computer Name = JB-PC | Source = VSS | ID = 8193
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5004
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5022
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5004
Description =

Error - 10/12/2010 12:20:10 PM | Computer Name = JB-PC | Source = McLogEvent | ID = 5022
Description =

Error - 10/12/2010 12:26:40 PM | Computer Name = JB-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2010 3:20:13 PM | Computer Name = JB-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 740 Start Time: 01cb6a42732ffe30 Termination Time: 27

[ System Events ]
Error - 10/15/2010 12:58:54 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 12:58:54 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:00:49 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:02:50 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/15/2010 1:02:50 AM | Computer Name = JB-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
Hi,

Download fresh ComboFix to your desktop and run it normally (=without cfscript). Post back the log.
 
ComboFix 10-10-14.04 - - J.B. - 10/15/2010 13:54:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3573.2436 [GMT -4:00]
Running from: c:\users\- J.B. -\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 18:00 . 2010-10-15 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-15 17:50 . 2010-10-15 17:51 -------- d-----w- C:\32788R22FWJFW
2010-10-14 05:56 . 2010-10-14 05:56 -------- d-----w- c:\program files\Common Files\Java
2010-10-14 05:55 . 2010-10-14 05:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-14 05:55 . 2010-10-14 05:55 -------- d-----w- c:\program files\Java
2010-10-14 04:53 . 2010-02-06 01:13 54776 ----a-w- c:\windows\system32\drivers\MOBK.sys
2010-10-14 04:53 . 2010-10-14 04:53 -------- d-----w- c:\program files\McAfee Online Backup
2010-10-14 04:51 . 2010-02-17 20:52 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-14 04:51 . 2010-02-17 20:52 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-14 04:51 . 2010-07-15 19:18 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-10-13 23:56 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:56 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:55 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:50 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:50 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:49 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:49 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:49 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-12 21:27 . 2010-10-12 21:27 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-12 15:37 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8A7157C-DCBB-47A8-ACB2-F8115EF10425}\mpengine.dll
2010-10-06 02:38 . 2010-10-06 02:39 -------- d-----w- c:\program files\ERUNT
2010-10-05 02:05 . 2010-10-05 02:05 -------- d-----w- c:\programdata\Citrix
2010-09-28 22:40 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:18 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 18:29 . 2009-02-10 00:14 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-02-06 01:14 2871608 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-22 133656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-20 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\- J.B. -\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
C-Pen 20.lnk - c:\windows\Installer\{E4CEE700-1875-4214-9CBE-6058F5CF400E}\_FDCC84357FB9_4591_9BEA_C051AC901091.exe [2009-2-10 45056]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-30 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R2 MOBCleanup;MOBCleanup;c:\users\TEMP\AppData\Local\Temp\MOBCleanup.exe [x]
R3 CPen20;C-Pen 20;c:\windows\system32\Drivers\CPen20.sys [2008-05-14 14382]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-20 30192]
R3 pendfu;PenDfu (pendfu.sys);c:\windows\system32\Drivers\pendfu.sys [2008-05-14 32376]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-02-06 54776]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-02-06 229688]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-14 16:22]

2010-10-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-10-14 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/p/1.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-MSC - c:\program files\McAfee\MSC\mcuninst.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,f9,44,03,b9,9f,9d,4f,a2,a4,bd,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5428)
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Completion time: 2010-10-15 14:01:56
ComboFix-quarantined-files.txt 2010-10-15 18:01
ComboFix2.txt 2010-10-13 17:09

Pre-Run: 174,952,333,312 bytes free
Post-Run: 175,045,476,352 bytes free

- - End Of File - - 4E87D7C32E2AF27B7174E73524CD538D


Thanks for your time!
 
I think things are okay now. I updated Spybot and ran a scan - the results turned up DoubleClick & Web Trends Live browser entries, but Spybot says it fixed that. The browser redirects seem to be gone & the Fraud Defense Center malware hasn't shown up in a Spybot scan for a couple days.

Would you have any idea why all the files in my Documents folder keep getting moved? (I think what I'm trying to ask is why my main Documents folder (pics, videos, etc.) are no longer in that location & I have to go to OS (C:) > Users > J.B. to find them.) That was the main reason I contacted a technician @ McAfee to begin with - following an update everything was gone & I freaked out thinking it had all been erased.

A couple additional questions for you...

Can you recommend any additional programs (preferably free) that might be of use to me with regard to malware protection? I know you said you weren't that familiar with McAfee, but do you know if your recommendations would work with McAfee?

Looking over my latest logs, do you see any unnecessary programs/bloatware/etc? I know that Citrix program was installed when I contacted McAfee for live help prior to coming here for assistance. If possible, I'd like to get rid of that and any other random things lurking in my laptop.

Any advice/comments/etc. you might have would be greatly appreciated!
 
Hi,

Let's uninstall ComboFix at this point:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Would you have any idea why all the files in my Documents folder keep getting moved?
Let's have a little look into the registry.

Download & extract this file to its own folder - Registry Search

Launch Registry Search
In the search box, enter (on separate lines)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.

& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.


I know that Citrix program was installed when I contacted McAfee for live help prior to coming here for assistance. If possible, I'd like to get rid of that and any other random things lurking in my laptop.
Delete c:\programdata\Citrix folder.
 
Hi, the results from the registry search are listed below. I'm also noticing my computer is running really slow - like switching from my Documents folder to my Pictures folder is taking up to 30+ seconds to open (& I don't really have that much stuff saved in there.) Webpages still load slower than normal, but not as long as when I first came to you for assistance.

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 10/16/2010 1:49:46 PM for strings:
; 'hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders
hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders
'
; 'hkey_current_user\software\microsoft\windows\currentversion\explorer\user shell folders

'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...


Thanks for your time!
 
Hi,

I expected to see a bit different results from that registry search. Let's have another attempt.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
REM Dump both per-user shell folder keys into Logit.txt, then open it
SWREG QUERY "hkey_current_user\software\microsoft\windows\currentversion\explorer\shell folders" /s >Logit.txt
SWREG QUERY "hkey_current_user\software\microsoft\windows\currentversion\explorer\user shell folders" /s >>Logit.txt
START Logit.txt
DEL %0

Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please.
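
The same check as an added PowerShell example (not part of the original post, and not the helper's own script): it reads both keys named above and flags data folders whose stored path is missing, sits outside the profile, points at the profile root itself, or disagrees between the two keys. The value names (Personal is the Documents folder) are the standard Windows ones; the notes it prints are informational, since a deliberately redirected folder also lands outside the profile.

```powershell
# Added example: audit the per-user shell folder paths that decide where
# Documents, Pictures, Music, Videos and Desktop live.
$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'
$names = 'Personal', 'My Pictures', 'My Music', 'My Video', 'Desktop'

$userKey     = Get-Item -Path "$base\User Shell Folders"
$shellKey    = Get-Item -Path "$base\Shell Folders"
$profileRoot = $env:USERPROFILE.TrimEnd('\')

$report = foreach ($name in $names) {
    # Raw form keeps %USERPROFILE% unexpanded, as the default values are stored.
    $raw      = $userKey.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    $expanded = $userKey.GetValue($name)
    $legacy   = $shellKey.GetValue($name)

    $notes = @()
    if ($null -eq $expanded) {
        $notes += 'missing from User Shell Folders'
    } else {
        $path = ([string]$expanded).TrimEnd('\')
        if ($path -ieq $profileRoot) {
            # Files then appear directly under C:\Users\<name>.
            $notes += 'points at the profile root itself'
        } elseif (-not $path.StartsWith("$profileRoot\", [StringComparison]::OrdinalIgnoreCase)) {
            $notes += 'outside the user profile'
        }
        if (-not (Test-Path -LiteralPath $path)) {
            $notes += 'target folder does not exist'
        }
        if ($legacy -and ($path -ine ([string]$legacy).TrimEnd('\'))) {
            $notes += 'differs from the Shell Folders copy'
        }
    }
    if ($notes.Count -eq 0) { $notes = @('ok') }

    [pscustomobject]@{
        Name         = $name
        Stored       = $raw
        Expanded     = $expanded
        ShellFolders = $legacy
        Notes        = $notes -join '; '
    }
}

$report | Format-List
```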
 
Hi,

I just wanted to touch base with you & let you know that my apartment was burglarized the other night & the thief got away with several items including my laptop. I've spent the last day or so contacting my bank, credit card companies, websites where I occasionally shop, etc. to let them know my accounts were most likely compromised. Anyway, I just wanted to say thanks for working to resolve my computer's problems. Hopefully, I'll be getting a new computer shortly (running Windows 7) & things might run a bit more efficiently. I am still interested in any malware protection applications I could use in addition to Spybot, & any advice you might have. If you get a minute or two to spare, I'd appreciate some tips.

Thanks again for your generous assistance!


JB
 
my apartment was burglarized the other night & the thief got away with several items including my laptop
Sorry to hear about this :sad:

I am still interested in any malware protection applications I could use in addition to Spybot, & any advice you might have. If you get a minute or two to spare, I'd appreciate some tips.
Good free antivirus programs are:
Antivir
Avast! and
AVG Free Antivirus

Good commercial ones are from:
Kaspersky and
ESET

For antispyware protection alongside Spybot I recommend Malwarebytes' Anti-Malware.
 
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (pm). A valid, working link to the closed topic is required.
 