Infected by trojan, several issues

ken545 · Jan 28, 2014

First try running Rkill, it wont remove anything but may stop the infection from running Combofix

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do it's job. This may take a few tries.

You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

Then try running CF again

Kman1566 · Jan 28, 2014

I tried version 1 about 10 times and thought I saw the desktop cycle but during the Combofix scan another windows shut down occured. I restarted and tried version 2 about 15 times and noticed that at the start it lists C:\windows\ehome\ehRecvr.exe and C:\windows\ehome\mcrdsvc.exe are listed with "2 processes terminated" directly underneath EACH TIME Rkill runs. After Rkill completes I do get a message window pop up that says "You should now be able to run your normal security programs so you can scan for computer infections" but the desktop is not cycling on/off.

ken545 · Jan 28, 2014

Have you tried running Combofix again ?

If it still wont run then reboot your system and lets run this program

You dont need the 64 Bit version so download the other one

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or 32 BIT
- Quit all programs that you may have started.
- Please disconnect any USB or external drives from the computer before you run this scan!
- For Vista or Windows 7, right-click and select "Run as Administrator to start"
- For Windows XP, double-click to start.
- Wait until Prescan has finished ...
- Then Click on "Scan" button
- Wait until the Status box shows "Scan Finished"
- Click on "Report" and copy/paste the content of the Notepad into your next reply.
- The log should be found in RKreport[1].txt on your Desktop
- Exit/Close RogueKiller+

Kman1566 · Jan 28, 2014

Yes I did try combofix in the normal NOT special run and windows shut down a couple more times. RogueKiller ran fine, here is the log...

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Kevin [Admin rights]
Mode : Scan -- Date : 01/28/2014 08:06:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] IAT @explorer.exe (FindNextFileW) : KERNEL32.dll -> HOOKED (Unknown @ 0x01E40C5E)
[Inline] IAT @explorer.exe (ReadProcessMemory) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510682)
[Inline] IAT @explorer.exe (OpenProcess) : KERNEL32.dll -> HOOKED (Unknown @ 0x0151060B)
[Inline] IAT @explorer.exe (LoadLibraryA) : KERNEL32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] IAT @explorer.exe (CreateProcessW) : KERNEL32.dll -> HOOKED (Unknown @ 0x01E405DC)
[Inline] IAT @explorer.exe (LoadLibraryW) : KERNEL32.dll -> HOOKED (Unknown @ 0x015101DC)
[Inline] IAT @explorer.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x01E40BE7)
[Inline] IAT @explorer.exe (LoadImageW) : USER32.dll -> HOOKED (Unknown @ 0x01E40B70)
[Inline] EAT @explorer.exe (LdrGetProcedureAddress) : ntdll.dll -> HOOKED (Unknown @ 0x015102CA)
[Inline] EAT @explorer.exe (LdrLoadDll) : ntdll.dll -> HOOKED (Unknown @ 0x01E40400)
[Inline] EAT @explorer.exe (NtProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x01510341)
[Inline] EAT @explorer.exe (NtSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x01E40477)
[Inline] EAT @explorer.exe (ZwProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x01510341)
[Inline] EAT @explorer.exe (ZwSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x01E40477)
[Inline] EAT @explorer.exe (CreateFileA) : kernel32.dll -> HOOKED (Unknown @ 0x01E40F28)
[Inline] EAT @explorer.exe (CreatePipe) : kernel32.dll -> HOOKED (Unknown @ 0x01510077)
[Inline] EAT @explorer.exe (CreateProcessA) : kernel32.dll -> HOOKED (Unknown @ 0x01510594)
[Inline] EAT @explorer.exe (CreateProcessW) : kernel32.dll -> HOOKED (Unknown @ 0x01E405DC)
[Inline] EAT @explorer.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (Unknown @ 0x015106F9)
[Inline] EAT @explorer.exe (FindNextFileW) : kernel32.dll -> HOOKED (Unknown @ 0x01E40C5E)
[Inline] EAT @explorer.exe (GetPrivateProfileSectionW) : kernel32.dll -> HOOKED (Unknown @ 0x01E4082F)
[Inline] EAT @explorer.exe (GetStartupInfoA) : kernel32.dll -> HOOKED (Unknown @ 0x015100EE)
[Inline] EAT @explorer.exe (HeapCreate) : kernel32.dll -> HOOKED (Unknown @ 0x01510770)
[Inline] EAT @explorer.exe (LoadLibraryA) : kernel32.dll -> HOOKED (Unknown @ 0x01510AB1)
[Inline] EAT @explorer.exe (LoadLibraryW) : kernel32.dll -> HOOKED (Unknown @ 0x015101DC)
[Inline] EAT @explorer.exe (LoadModule) : kernel32.dll -> HOOKED (Unknown @ 0x01510253)
[Inline] EAT @explorer.exe (OpenProcess) : kernel32.dll -> HOOKED (Unknown @ 0x0151060B)
[Inline] EAT @explorer.exe (PeekNamedPipe) : kernel32.dll -> HOOKED (Unknown @ 0x01510000)
[Inline] EAT @explorer.exe (ReadProcessMemory) : kernel32.dll -> HOOKED (Unknown @ 0x01510682)
[Inline] EAT @explorer.exe (VirtualAllocEx) : kernel32.dll -> HOOKED (Unknown @ 0x0151051D)
[Inline] EAT @explorer.exe (VirtualProtect) : kernel32.dll -> HOOKED (Unknown @ 0x0151042F)
[Inline] EAT @explorer.exe (VirtualProtectEx) : kernel32.dll -> HOOKED (Unknown @ 0x015104A6)
[Inline] EAT @explorer.exe (WinExec) : kernel32.dll -> HOOKED (Unknown @ 0x015103B8)
[Inline] EAT @explorer.exe (NdrServerInitialize) : RPCRT4.dll -> HOOKED (Unknown @ 0x01E40CD5)
[Inline] EAT @explorer.exe (NdrStubCall2) : RPCRT4.dll -> HOOKED (Unknown @ 0x01E40D4C)
[Inline] EAT @explorer.exe (CreateDIBPatternBrushPt) : GDI32.dll -> HOOKED (Unknown @ 0x01E40AF9)
[Inline] EAT @explorer.exe (Escape) : GDI32.dll -> HOOKED (Unknown @ 0x01E407B8)
[Inline] EAT @explorer.exe (GetDIBits) : GDI32.dll -> HOOKED (Unknown @ 0x01E40A0B)
[Inline] EAT @explorer.exe (PlayEnhMetaFileRecord) : GDI32.dll -> HOOKED (Unknown @ 0x01E406CA)
[Inline] EAT @explorer.exe (PlayMetaFileRecord) : GDI32.dll -> HOOKED (Unknown @ 0x01E40653)
[Inline] EAT @explorer.exe (StretchDIBits) : GDI32.dll -> HOOKED (Unknown @ 0x01E40A82)
[Inline] EAT @explorer.exe (LoadImageW) : USER32.dll -> HOOKED (Unknown @ 0x01E40B70)
[Inline] EAT @explorer.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (Unknown @ 0x01E404EE)
[Inline] EAT @explorer.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (Unknown @ 0x01E40565)
[Inline] EAT @explorer.exe (system) : msvcrt.dll -> HOOKED (Unknown @ 0x015107E7)
[Inline] EAT @explorer.exe (CoGetClassObject) : ole32.dll -> HOOKED (Unknown @ 0x01E40994)
[Inline] EAT @explorer.exe (UrlUnescapeA) : SHLWAPI.dll -> HOOKED (Unknown @ 0x01E408A6)
[Inline] EAT @explorer.exe (InternetOpenA) : WININET.dll -> HOOKED (Unknown @ 0x01E40EB1)
[Inline] EAT @explorer.exe (InternetOpenUrlA) : WININET.dll -> HOOKED (Unknown @ 0x01E40E3A)
[Inline] EAT @explorer.exe (InternetReadFile) : WININET.dll -> HOOKED (Unknown @ 0x01E40DC3)
[Inline] EAT @explorer.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x01E40BE7)
[Inline] EAT @explorer.exe (bind) : WS2_32.dll -> HOOKED (Unknown @ 0x01510B28)
[Inline] EAT @explorer.exe (gethostbyname) : WS2_32.dll -> HOOKED (Unknown @ 0x01E4091D)
[Inline] EAT @explorer.exe (recv) : WS2_32.dll -> HOOKED (Unknown @ 0x01510A3A)
[Inline] EAT @explorer.exe (select) : WS2_32.dll -> HOOKED (Unknown @ 0x015109C3)
[Inline] EAT @explorer.exe (send) : WS2_32.dll -> HOOKED (Unknown @ 0x0151094C)
[Inline] EAT @explorer.exe (socket) : WS2_32.dll -> HOOKED (Unknown @ 0x015108D5)
[Inline] EAT @explorer.exe (CompatFlagsFromClsid) : urlmon.dll -> HOOKED (Unknown @ 0x01E40741)
[Inline] EAT @explorer.exe (system) : MSVCR90.dll -> HOOKED (Unknown @ 0x01510B9F)
[Inline] EAT @explorer.exe (system) : MSVCR80.dll -> HOOKED (Unknown @ 0x01510C16)
[Inline] IAT @firefox.exe (GetProcAddress) : KERNEL32.dll -> HOOKED (Unknown @ 0x003D0A0B)
[Inline] EAT @firefox.exe (LdrGetProcedureAddress) : ntdll.dll -> HOOKED (Unknown @ 0x003D0B70)
[Inline] EAT @firefox.exe (NtProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x003D0BE7)
[Inline] EAT @firefox.exe (NtSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x003D0477)
[Inline] EAT @firefox.exe (ZwProtectVirtualMemory) : ntdll.dll -> HOOKED (Unknown @ 0x003D0BE7)
[Inline] EAT @firefox.exe (ZwSetSecurityObject) : ntdll.dll -> HOOKED (Unknown @ 0x003D0477)
[Inline] EAT @firefox.exe (CreateFileA) : kernel32.dll -> HOOKED (Unknown @ 0x003D082F)
[Inline] EAT @firefox.exe (CreatePipe) : kernel32.dll -> HOOKED (Unknown @ 0x003D091D)
[Inline] EAT @firefox.exe (CreateProcessA) : kernel32.dll -> HOOKED (Unknown @ 0x003D05DC)
[Inline] EAT @firefox.exe (CreateProcessW) : kernel32.dll -> HOOKED (Unknown @ 0x003D0653)
[Inline] EAT @firefox.exe (CreateRemoteThread) : kernel32.dll -> HOOKED (Unknown @ 0x003D0F28)
[Inline] EAT @firefox.exe (GetProcAddress) : kernel32.dll -> HOOKED (Unknown @ 0x003D0A0B)
[Inline] EAT @firefox.exe (GetStartupInfoA) : kernel32.dll -> HOOKED (Unknown @ 0x003D0994)
[Inline] EAT @firefox.exe (HeapCreate) : kernel32.dll -> HOOKED (Unknown @ 0x008B0000)
[Inline] EAT @firefox.exe (LoadLibraryA) : kernel32.dll -> HOOKED (Unknown @ 0x008B0077)
[Inline] EAT @firefox.exe (LoadLibraryW) : kernel32.dll -> HOOKED (Unknown @ 0x003D0A82)
[Inline] EAT @firefox.exe (LoadModule) : kernel32.dll -> HOOKED (Unknown @ 0x003D0AF9)
[Inline] EAT @firefox.exe (OpenProcess) : kernel32.dll -> HOOKED (Unknown @ 0x003D0E3A)
[Inline] EAT @firefox.exe (PeekNamedPipe) : kernel32.dll -> HOOKED (Unknown @ 0x003D08A6)
[Inline] EAT @firefox.exe (ReadProcessMemory) : kernel32.dll -> HOOKED (Unknown @ 0x003D0EB1)
[Inline] EAT @firefox.exe (VirtualAllocEx) : kernel32.dll -> HOOKED (Unknown @ 0x003D0DC3)
[Inline] EAT @firefox.exe (VirtualProtect) : kernel32.dll -> HOOKED (Unknown @ 0x003D0CD5)
[Inline] EAT @firefox.exe (VirtualProtectEx) : kernel32.dll -> HOOKED (Unknown @ 0x003D0D4C)
[Inline] EAT @firefox.exe (WinExec) : kernel32.dll -> HOOKED (Unknown @ 0x003D0C5E)
[Inline] EAT @firefox.exe (SetClipboardData) : USER32.dll -> HOOKED (Unknown @ 0x003D06CA)
[Inline] EAT @firefox.exe (SetWindowsHookExA) : USER32.dll -> HOOKED (Unknown @ 0x003D04EE)
[Inline] EAT @firefox.exe (SetWindowsHookExW) : USER32.dll -> HOOKED (Unknown @ 0x003D0565)
[Inline] EAT @firefox.exe (NdrServerInitialize) : RPCRT4.dll -> HOOKED (Unknown @ 0x003D0741)
[Inline] EAT @firefox.exe (NdrStubCall2) : RPCRT4.dll -> HOOKED (Unknown @ 0x003D07B8)
[Inline] EAT @firefox.exe (bind) : WS2_32.dll -> HOOKED (Unknown @ 0x008B042F)
[Inline] EAT @firefox.exe (gethostbyname) : WS2_32.dll -> HOOKED (Unknown @ 0x008B01DC)
[Inline] EAT @firefox.exe (recv) : WS2_32.dll -> HOOKED (Unknown @ 0x008B03B8)
[Inline] EAT @firefox.exe (select) : WS2_32.dll -> HOOKED (Unknown @ 0x008B0341)
[Inline] EAT @firefox.exe (send) : WS2_32.dll -> HOOKED (Unknown @ 0x008B02CA)
[Inline] EAT @firefox.exe (socket) : WS2_32.dll -> HOOKED (Unknown @ 0x008B0253)
[Inline] EAT @firefox.exe (system) : msvcrt.dll -> HOOKED (Unknown @ 0x008B00EE)
[Inline] EAT @firefox.exe (ShellExecuteExW) : SHELL32.dll -> HOOKED (Unknown @ 0x008B04A6)
[Inline] EAT @firefox.exe (InternetOpenA) : WININET.dll -> HOOKED (Unknown @ 0x008B060B)
[Inline] EAT @firefox.exe (InternetOpenUrlA) : WININET.dll -> HOOKED (Unknown @ 0x008B0594)
[Inline] EAT @firefox.exe (InternetReadFile) : WININET.dll -> HOOKED (Unknown @ 0x008B051D)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST500DM002-1BD142 +++++
--- User ---
[MBR] bbc983f42a18ea03e3efc9484103ea40
[BSP] eee412d08b57fde5247af09a76484fcb : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 102 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 210944 | Size: 467321 Mo
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 957284352 | Size: 9516 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01282014_080633.txt >>

ken545 · Jan 28, 2014

Lets do this

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from Here

Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

Kman1566 · Jan 28, 2014

I was able to create a restore point. here is the mbar log... the system log in next reply.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.28.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.2180
:: TOYBOX [administrator]

1/28/2014 11:02:07 AM
mbar-log-2014-01-28 (11-02-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 272421
Time elapsed: 1 hour(s), 3 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Kman1566 · Jan 28, 2014

system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1156231168

Downloaded database version: v2014.01.28.05
Downloaded database version: v2013.12.18.01
=======================================
------------ Kernel report ------------
01/28/2014 09:20:08
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iastor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\Pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ELmou.sys
\SystemRoot\System32\DRIVERS\ELmon.sys
\SystemRoot\System32\DRIVERS\ELkbd.sys
\SystemRoot\System32\DRIVERS\ELhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\LHidUsb.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iastor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\HipShieldK.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff896cdab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff896d38e8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a62dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a111030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a62e900, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a68e908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a62dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a62ea10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a111030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89712f10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff896d2870, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff896cdab8, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8977df10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff896d38e8, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: C:\Documents and Settings\Kevin\Desktop\uSeRiNiT.exe --> [Heuristics.Reserved.Word.Exploit]
Infected: C:\Documents and Settings\Kevin\Desktop\WiNlOgOn.exe --> [Heuristics.Reserved.Word.Exploit]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-210944-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1203961856

=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1241186304

Downloaded database version: v2014.01.28.06
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/28/2014 10:24:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
vsflt53.sys
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
iastor.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
DRVMCDB.SYS
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
vididr.sys
timntr.sys
snapman.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e5132.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HSFHWBS2.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\HSF_DP.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\iviaspi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\Pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\sthda.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_N.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ELmou.sys
\SystemRoot\System32\DRIVERS\ELmon.sys
\SystemRoot\System32\DRIVERS\ELkbd.sys
\SystemRoot\System32\DRIVERS\ELhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\LHidUsb.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\dump_iastor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\DRIVERS\mfencbdc.sys
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResN.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Aspi32.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\dsunidrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\system32\drivers\HipShieldK.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89896030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8990a030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a82bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a883030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a82bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a80f900, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7fc908, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a82bab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a80fa10, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a883030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iastor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\PartMgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898c5440, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8986c220, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a85c418, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8990a030, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.2180

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145480704, free: 1322848256

Initializing...
======================
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR4
Upper Device Object: 0xffffffff89896030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000080\
Lower Device Object: 0xffffffff8990a030
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a82bab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff8a883030
Lower Device Driver Name: \Driver\iastor\
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\del200f.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\1028_Dell_XPS_DXPO51.mrk" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\inetx026.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\ativmc20.cod" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C08F172

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 208896

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 210944 Numsec = 957073408
Partition file system is NTFS
Partition is bootable

Partition 2 type is Other (0xdb)
Partition is NOT ACTIVE.
Partition starts at LBA: 957284352 Numsec = 19488768

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff898c5440, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8986c220, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89896030, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a85c418, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8990a030, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\
------------ End ----------
Read File: File "C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\VBR-0-1-210944-i.mbam...
Removing C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

ken545 · Jan 28, 2014

It looks like it found a couple of infected files and removed them.

How is your system behaving now ?

Drag Combofix to the trash and lets grab a updated copy and give it one more try, make sure to download it to your desktop

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Kman1566 · Jan 28, 2014

My computer is not unusually slow or experiencing weird behavior except for mcafee... I followed the link you provided but they do not match my options. I clicked on the help link on McAfee Security Center and read how to turn off the realtime scanning but the box to check is not there on mine??? Not sure how I should proceed...Also the text in the settings page is cut off and there is no scroll bar or anyway I can see to change the window size.

ken545 · Jan 28, 2014

OK, you should be able to just right click on the Mcfee Icon in the system tray, down on the right by the clock and disable it, if not then just give Combofix a shot as is, and if it dont work then run a new scan with OTL and post the log please

Kman1566 · Jan 28, 2014

I moved the earier Combofix to recylce bin and downloaded the new one- when I tried to open it I recieved a message that it was not a valid system 32 app so I moved that to recylce bin and tried the next link, downloaded ok but when I tried to open it the icon disappeared and no other window opened. I ran OTL with no issue however, only the first log opened and I am not able to locate the folder on the C drive. I did find a folder titled "Secure Speed Dial" that I thought we had gotten rid of. While I was downloading the Combofix Mcafee attempted to update but never got passed 0% download complete. My home page also is still changing to yahoo search not the Yahoo Home that it should be. Here is the log from OTL...

OTL logfile created on: 1/28/2014 2:07:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.18% Memory free
4.85 Gb Paging File | 3.94 Gb Available in Paging File | 81.23% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 358.56 Gb Free Space | 78.57% Space Free | Partition Type: NTFS

Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\VirusScan\McVsShld.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SiteAdvisor\6261\SiteAdv.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sqlite3.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\SiteAdvisor\6261\saHook.dll ()
MOD - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()

========== Services (SafeList) ==========

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B1650a312-02bc-40ee-977e-83f158701739%7D:26.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]

[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2014/01/27 18:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions
[2010/04/27 15:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 18:26:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\moveplayer@movenetworks.com
[2014/01/25 06:06:16 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net
[2007/04/12 19:51:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\searchplugins\siteadvisor.xml
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\ADSREMOVAL@ADSREMOVAL.NET
[2008/06/23 17:52:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6261\FF
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2014/01/21 01:01:45 | 000,451,153 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 15488 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/28 13:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 10:20:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 10:18:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 10:18:10 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 10:17:50 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 10:17:50 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 10:17:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 10:17:24 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/21 01:01:45 | 000,451,153 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 13:36:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

ken545 · Jan 28, 2014

Not looking at to much bad, Combofix is running as a service, lets stop in and clean out some temp files

The script has to start with :OTL and end with [reboot] or the fix wont work so make sure you get it all

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
[2014/01/25 06:06:16 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please

Kman1566 · Jan 28, 2014

I have to step away from the computer for a bit- just a heads up, thanks again for your help. I will perform task and post soon.

Kman1566 · Jan 28, 2014

ran the fix with no issues here is the log... I will now run the scan and post results in next reply.

All processes killed
========== OTL ==========
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
C:\ComboFix\pev.3XE moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\zh-TW folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\vi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\uk folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\tr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\th folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\te folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ta folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sw folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sv folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\sk folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ru folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ro folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pt_PT folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pt_BR folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\pl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\no folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\nl folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ms folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\mr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\lv folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\lt folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ko folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\kn folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ja folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\it folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\id folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hu folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\hi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\he folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\gu folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fr folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fil folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fi folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\fa folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\et folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\es - 419 folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\es folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en-US folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en-GB folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\en folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\el folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\de folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\da folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\cs folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ca folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\bn folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\bg folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale\ar folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\locale folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\images\bg folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\images folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\defaults\preferences folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net\defaults folder moved successfully.
C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\speeddial@instair.net folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Kevin\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Kevin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Kevin
->Java cache emptied: 0 bytes

User: Kim
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Kevin
->Temp folder emptied: 37724024 bytes
->Temporary Internet Files folder emptied: 1284755 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3066032 bytes
->Flash cache emptied: 1802 bytes

User: Kim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 797107 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 8434 bytes

User: NetworkService
->Temp folder emptied: 51832 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 727242 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 221325102 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 790326 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 254.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01282014_164905

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Kman1566 · Jan 28, 2014

Scan complete- here is the new log

OTL logfile created on: 1/28/2014 4:59:11 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.36% Memory free
4.85 Gb Paging File | 4.29 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.11 Gb Free Space | 78.69% Space Free | Partition Type: NTFS

Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()

========== Services (SafeList) ==========

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B1650a312-02bc-40ee-977e-83f158701739%7D:26.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1650a312-02bc-40ee-977e-83f158701739}:26.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]

[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2014/01/28 16:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions
[2010/04/27 15:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/10 18:26:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\extensions\moveplayer@movenetworks.com
[2007/04/12 19:51:42 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\0b41ps0e.default\searchplugins\siteadvisor.xml
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\ADSREMOVAL@ADSREMOVAL.NET
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEVIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\0B41PS0E.DEFAULT\EXTENSIONS\SPEEDDIAL@INSTAIR.NET
[2008/06/23 17:52:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6261\FF
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/28 16:53:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 16:51:17 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 16:50:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 16:50:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 16:50:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 16:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 16:50:07 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/28 16:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

ken545 · Jan 28, 2014

Still looking at speedial

Open Firefox
Click on Help > Troubleshooting Information > Reset Firefox to its default state

Then run a new scan with OTL and post the log

Kman1566 · Jan 28, 2014

Here are the results

OTL logfile created on: 1/28/2014 5:41:40 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kevin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.15% Memory free
4.85 Gb Paging File | 4.14 Gb Available in Paging File | 85.49% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 456.37 Gb Total Space | 359.08 Gb Free Space | 78.68% Space Free | Partition Type: NTFS

Computer Name: TOYBOX | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
PRC - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
PRC - C:\WINDOWS\system32\dlcdcoms.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\sqlite3.dll ()
MOD - C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\webres.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdserv.dll ()
MOD - C:\WINDOWS\system32\dlcdlmpm.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdpplc.dll ()
MOD - C:\WINDOWS\system32\dlcdcoms.exe ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcomc.dll ()
MOD - C:\WINDOWS\system32\dlcdprox.dll ()
MOD - C:\WINDOWS\system32\dlcdusb1.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll ()
MOD - C:\WINDOWS\system32\dlcdcnv4.dll ()
MOD - C:\Program Files\Dell Photo AIO Printer 944\dlcddrec.dll ()

========== Services (SafeList) ==========

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdvancedSystemCareService7) -- C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCService.exe (IObit)
SRV - (LiveUpdateSvc) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (IObit)
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (SecureUpdateSvc) -- C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe ()
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcbootdelaystartsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (dlcd_device) -- C:\WINDOWS\system32\dlcdcoms.exe ()
SRV - (IAANTMon) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (Winsock - Google Desktop Search Backup Before Last Install) -- File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) -- File not found
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (usbcm) -- system32\DRIVERS\usbcm.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (bvrp_pci) -- File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys (Malwarebytes Corporation)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (mfencrk) -- C:\WINDOWS\system32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\WINDOWS\system32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\WINDOWS\system32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=198484&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes,DefaultScope = {0FF4A0C4-D3EB-438E-A53E-A94C5694C916}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{0FF4A0C4-D3EB-438E-A53E-A94C5694C916}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\SearchScopes\{306851AB-2967-45E2-B485-4E5B3C1A21E5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Kevin\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/28 19:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/19 22:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/16 09:09:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014/01/20 12:02:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6261\FF\ [2008/06/23 17:52:42 | 000,000,000 | ---D | M]

[2008/09/07 18:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kevin\Application Data\Mozilla\Extensions
[2013/05/18 21:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/12 07:34:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/12 07:34:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/11 10:09:13 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

O1 HOSTS File: ([2014/01/28 16:49:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O2 - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Documents and Settings\Kevin\My Documents\Downloads\IObit Uninstaller\UninstallExplorer32.dll (IObit)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006..\Run: [Advanced SystemCare 7] C:\Documents and Settings\Kevin\My Documents\Downloads\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-590471348-4020301897-3148249993-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1342719157853 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.96.68 184.63.96.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00363636-33FF-484C-A8F8-89AC0BAF378A}: DhcpNameServer = 184.63.96.68 184.63.96.69
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a7c86ed-15f7-11e2-9f10-ca672b9b391e}\Shell\AutoRun\command - "" = E:\unlock.exe autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/28 17:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\Old Firefox Data
[2014/01/28 16:49:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/28 09:20:08 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 08:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Desktop\RK_Quarantine
[2014/01/27 21:53:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/27 21:46:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/27 20:32:54 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:28:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/27 13:55:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/01/27 13:52:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/01/27 13:52:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/01/27 13:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/01/27 13:52:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/01/27 13:48:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/27 09:58:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/25 05:51:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/24 13:40:40 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/24 13:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2014/01/24 08:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2014/01/20 16:06:11 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2014/01/20 15:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:30:22 | 000,037,804 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,083,808 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:28 | 000,028,272 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)
[2014/01/07 11:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kevin\My Documents\Job Hunt 2014
[2013/12/31 10:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IObit Uninstaller
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/28 17:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/28 16:53:31 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/01/28 16:51:17 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\ASC7_PerformanceMonitor.job
[2014/01/28 16:50:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/28 16:50:36 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/28 16:50:36 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/28 16:50:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/28 16:50:07 | 2145,554,432 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 16:49:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/28 11:01:52 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 10:21:51 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/01/28 08:01:50 | 003,794,432 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 20:32:54 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.scr
[2014/01/27 20:32:41 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.com
[2014/01/27 19:20:19 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Kevin\Desktop\rkill.exe
[2014/01/27 15:23:39 | 002,218,636 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 15:09:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1006.job
[2014/01/27 13:56:13 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2014/01/27 09:58:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kevin\Desktop\OTL.exe
[2014/01/26 09:40:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:38:04 | 000,445,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/26 09:38:04 | 000,073,096 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/01/25 05:51:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Kevin\Desktop\dds.scr
[2014/01/21 07:54:16 | 000,023,325 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2014/01/20 15:30:23 | 000,037,804 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidUsb.sys
[2014/01/20 15:29:29 | 000,309,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\Prounstl.exe
[2014/01/20 15:29:29 | 000,083,808 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicInstE.dll
[2014/01/20 15:29:29 | 000,028,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\NicCo2.dll
[2014/01/20 15:29:28 | 000,121,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\e1000msg.dll
[2014/01/20 15:29:28 | 000,002,876 | ---- | M] () -- C:\WINDOWS\System32\e1e5132.din
[2014/01/20 13:12:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/01/20 13:09:14 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/20 12:29:35 | 000,000,057 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2014/01/15 20:13:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-590471348-4020301897-3148249993-1007.job
[2014/01/07 12:39:25 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:01 | 001,828,993 | ---- | M] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/12/31 11:07:51 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\Kevin\Desktop\*.tmp files -> C:\Documents and Settings\Kevin\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/28 08:01:49 | 003,794,432 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\RogueKiller.exe
[2014/01/27 15:23:42 | 002,218,636 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\tdsskiller.zip
[2014/01/27 13:52:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/01/27 13:52:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/01/27 13:52:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/27 13:52:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/01/26 09:40:04 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/01/26 09:09:56 | 2145,554,432 | -HS- | C] () -- C:\hiberfil.sys
[2014/01/20 13:09:14 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2014/01/19 22:05:42 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencbdc.inf
[2014/01/19 22:05:42 | 000,002,641 | ---- | C] () -- C:\WINDOWS\System32\drivers\mfencrk.inf
[2014/01/07 12:39:25 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Shortcut to Job Hunt 2014.lnk
[2013/12/31 11:47:11 | 001,828,993 | ---- | C] () -- C:\Documents and Settings\Kevin\Desktop\Special Edition Use Care Guide Keurig K65.pdf
[2013/09/08 18:48:32 | 000,268,968 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/03/25 08:45:30 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\burnaware.ini
[2012/02/18 08:10:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/12/22 17:09:59 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\kodakpcd.ini
[2007/02/05 10:04:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\FixVTS.ini
[2006/11/23 10:52:56 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\Kevin\default.pls
[2006/07/13 21:05:11 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/03/25 00:03:49 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kevin\Application Data\dvd.bmk
[2006/03/08 20:31:14 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/07 19:32:19 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kevin\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/08/16 05:39:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2007/12/25 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2011/07/30 16:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2014/01/25 06:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/03/09 19:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2006/03/30 15:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA30.tmp
[2006/03/30 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3A.tmp
[2007/10/23 16:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2012/08/28 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/01/27 14:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2012/09/05 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/08/23 19:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2014/01/28 14:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/03 13:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TSMDelux
[2012/08/28 18:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/11/22 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/08/20 07:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/01/22 08:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/01/22 08:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2012/09/05 17:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\A7389BEA-FD6B-409A-A860-F7619255E4AB
[2013/01/02 23:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\calibre
[2011/07/30 16:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\DJ ToneXpress
[2014/01/20 15:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\ElevatedDiagnostics
[2014/01/20 15:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\IObit
[2006/03/07 21:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Leadertech
[2007/01/26 12:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\My Games
[2012/08/28 19:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Oracle
[2012/08/28 15:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\PCDr
[2007/02/05 09:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\RipIt4Me
[2012/05/20 09:25:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Kevin\Application Data\RPPrivate
[2012/09/05 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Seagate
[2010/02/22 09:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Skinux
[2014/01/24 13:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\TechCheck
[2006/03/26 16:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Leadertech
[2009/12/24 12:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kim\Application Data\Skinux

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F9819010
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

ken545 · Jan 29, 2014

Looks better, how is your system behaving now ?

Kman1566 · Jan 29, 2014

Better - Firefox home page seems to stay as I set it. Mcafee still does not seem to be downloading updates though= 0% complete after several minutes and does not look right as text is cut off on right side of window.

ken545 · Jan 29, 2014

Why dont you try uninstalling McAfee and then reinstalling it, make sure you have the installation disk or a link to download it from there site, also make sure that you have the serial number so that you can reactivate it when your done.

Another option would be to post in there forum for help, like this forum its free but you will have to register.

https://community.mcafee.com/threads

Let me know how it went and if no luck I have other forums that you can post at to get this fixed

Ken

Infected by trojan, several issues

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert