mimielf1 dds log please advise thanks

Status
Not open for further replies.
M

mimielf1

New member
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by mimielf at 12:28:04 on 2011-12-30
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.662 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&si=1006318
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\WinPatrol.exe -expressboot
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AC75FCC5-AE4E-4090-ABCD-521B3D953CA9} : DhcpNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mimielf\application data\mozilla\firefox\profiles\l7dipbt1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor=
FF - plugin: c:\documents and settings\mimielf\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\mimielf\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\mimielf\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(protocol-handler.warn-external.dnUpdate, false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-7-9 342128]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-1-16 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2009-4-29 144888]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-7-9 70216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-7-9 91640]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-7-9 43288]
R4 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
R4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652872]
S1 MpKsl129d2e77;MpKsl129d2e77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c65b31d-4b1c-4eea-b47b-79ba5cff28c4}\mpksl129d2e77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6c65b31d-4b1c-4eea-b47b-79ba5cff28c4}\MpKsl129d2e77.sys [?]
S1 MpKsl3e6cbb94;MpKsl3e6cbb94;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb2156c0-02fc-4330-9ff3-44c53ee3b330}\mpksl3e6cbb94.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fb2156c0-02fc-4330-9ff3-44c53ee3b330}\MpKsl3e6cbb94.sys [?]
S1 MpKsl541fe588;MpKsl541fe588;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{954ef865-2efc-4701-911b-41446ec04533}\mpksl541fe588.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{954ef865-2efc-4701-911b-41446ec04533}\MpKsl541fe588.sys [?]
S1 MpKsle31f4126;MpKsle31f4126;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36cad7cd-60e5-4143-89b1-94855df16442}\mpksle31f4126.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{36cad7cd-60e5-4143-89b1-94855df16442}\MpKsle31f4126.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-7-9 65224]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2009-4-29 21256]
.
=============== Created Last 30 ================
.
2011-12-30 17:13:52 388096 ----a-r- c:\documents and settings\mimielf\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-12-30 17:13:44 -------- d-----w- c:\program files\Trend Micro
2011-12-30 15:39:09 -------- d-----w- c:\documents and settings\mimielf\application data\Malwarebytes
2011-12-30 15:36:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-30 15:36:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 11:34:41 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-12-17 11:33:51 -------- d-----w- c:\documents and settings\all users\application data\Affinegy
.
==================== Find3M ====================
.
2011-12-29 13:57:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 12:31:11.92 ===============
-------------------------------
Hello mimielf1,

Preliminary question, after which I may remove or merge the extra posts. :)

"AV: McAfee VirusScan Enterprise"

Is this a business, corporate, institutional computer or used in such an environment?
----------------------------------------------

no. I pulled the McAfee from work and installed on my personal.
 
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR



Sorry for the delay but the holidays kind of put us behind.

You have McAfee and Microsoft Security Essentials, cant have both, they will use huge amounts of system resources and severely hamper system performance, with AV, all you need is one, keep it updated and run regular scans. Your call but you need to uninstall one via Add Remove Programs in the Control Panel.


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
 
mimielf unavailabe till 1/7

I won't be able to get on this until 1/7...please let me know if I have to start over or if I can just continue. thanks
 
mbam results

I think there is still some MY Web Search stuff on here.


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mimielf :: MIMI [administrator]

Protection: Disabled

1/7/2012 12:54:14 PM
mbam-log-2012-01-07 (12-54-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182924
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
new dds 1/7

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/16/2006 10:35:45 AM
System Uptime: 1/6/2012 5:40:20 PM (20 hours ago)
.
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 30.236 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 5.027 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: MTP Device
Device ID: ROOT\WPD\0000
Manufacturer: (Standard MTP-Compliant Device)
Name: MTP Device
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1804: 10/10/2011 9:06:07 AM - System Checkpoint
RP1805: 10/11/2011 1:45:50 PM - System Checkpoint
RP1806: 10/14/2011 4:28:52 PM - System Checkpoint
RP1807: 10/14/2011 11:10:40 PM - Software Distribution Service 3.0
RP1808: 10/16/2011 9:16:39 AM - System Checkpoint
RP1809: 10/17/2011 1:43:42 PM - System Checkpoint
RP1810: 10/18/2011 2:09:55 PM - System Checkpoint
RP1811: 10/20/2011 10:11:56 AM - System Checkpoint
RP1812: 10/21/2011 10:25:27 AM - System Checkpoint
RP1813: 10/22/2011 12:13:21 PM - System Checkpoint
RP1814: 10/23/2011 5:04:53 PM - System Checkpoint
RP1815: 10/24/2011 7:30:40 PM - System Checkpoint
RP1816: 10/25/2011 8:09:27 PM - System Checkpoint
RP1817: 10/26/2011 9:35:00 PM - System Checkpoint
RP1818: 10/28/2011 10:14:03 AM - System Checkpoint
RP1819: 10/29/2011 3:48:14 PM - System Checkpoint
RP1820: 10/31/2011 11:21:54 AM - System Checkpoint
RP1821: 11/1/2011 3:16:41 PM - System Checkpoint
RP1822: 11/2/2011 3:41:47 PM - System Checkpoint
RP1823: 11/3/2011 8:42:07 PM - System Checkpoint
RP1824: 11/5/2011 8:27:27 AM - System Checkpoint
RP1825: 11/6/2011 1:20:11 PM - System Checkpoint
RP1826: 11/7/2011 3:20:20 PM - System Checkpoint
RP1827: 11/8/2011 8:53:23 PM - System Checkpoint
RP1828: 11/9/2011 11:00:27 AM - Software Distribution Service 3.0
RP1829: 11/10/2011 2:59:43 PM - System Checkpoint
RP1830: 11/11/2011 11:00:26 AM - Software Distribution Service 3.0
RP1831: 11/12/2011 3:50:55 PM - System Checkpoint
RP1832: 11/13/2011 5:01:57 PM - System Checkpoint
RP1833: 11/14/2011 9:41:13 PM - System Checkpoint
RP1834: 11/16/2011 9:34:34 AM - System Checkpoint
RP1835: 11/17/2011 3:12:16 PM - System Checkpoint
RP1836: 11/18/2011 6:54:59 PM - System Checkpoint
RP1837: 11/19/2011 7:46:58 PM - System Checkpoint
RP1838: 11/21/2011 11:38:49 AM - System Checkpoint
RP1839: 11/22/2011 3:44:18 PM - System Checkpoint
RP1840: 11/23/2011 7:09:36 PM - System Checkpoint
RP1841: 11/25/2011 11:41:50 AM - System Checkpoint
RP1842: 11/26/2011 3:02:49 PM - System Checkpoint
RP1843: 11/27/2011 3:27:03 PM - System Checkpoint
RP1844: 11/28/2011 9:50:51 PM - System Checkpoint
RP1845: 11/30/2011 9:20:37 AM - System Checkpoint
RP1846: 12/1/2011 2:36:57 PM - System Checkpoint
RP1847: 12/2/2011 8:09:55 PM - System Checkpoint
RP1848: 12/3/2011 10:19:59 PM - System Checkpoint
RP1849: 12/5/2011 10:22:46 AM - System Checkpoint
RP1850: 12/6/2011 3:01:02 PM - System Checkpoint
RP1851: 12/7/2011 3:13:18 PM - System Checkpoint
RP1852: 12/8/2011 8:36:48 PM - System Checkpoint
RP1853: 12/10/2011 9:42:22 AM - System Checkpoint
RP1854: 12/11/2011 11:43:44 AM - System Checkpoint
RP1855: 12/12/2011 1:38:47 PM - System Checkpoint
RP1856: 12/13/2011 7:24:48 PM - System Checkpoint
RP1857: 12/14/2011 9:59:10 PM - Software Distribution Service 3.0
RP1858: 12/16/2011 11:33:46 AM - System Checkpoint
RP1859: 12/17/2011 3:27:49 PM - System Checkpoint
RP1860: 12/18/2011 6:46:11 PM - System Checkpoint
RP1861: 12/19/2011 8:32:56 PM - System Checkpoint
RP1862: 12/20/2011 9:16:07 PM - System Checkpoint
RP1863: 12/22/2011 9:48:25 AM - System Checkpoint
RP1864: 12/23/2011 10:17:16 AM - System Checkpoint
RP1865: 12/24/2011 12:17:15 PM - System Checkpoint
RP1866: 12/25/2011 6:09:03 PM - System Checkpoint
RP1867: 12/27/2011 8:41:51 AM - System Checkpoint
RP1868: 12/28/2011 9:53:12 AM - System Checkpoint
RP1869: 12/29/2011 11:50:36 AM - Removed Microsoft Office PowerPoint Viewer 2007 (English)
RP1870: 12/29/2011 11:55:53 AM - Removed Skype™ 5.3
RP1871: 12/29/2011 11:57:16 AM - Removed Skype Toolbars
RP1872: 12/30/2011 12:13:42 PM - Installed HiJackThis
RP1873: 12/1/2011 9:54:58 AM - System Checkpoint
RP1874: 1/1/2012 3:53:11 PM - System Checkpoint
RP1875: 1/2/2012 8:51:00 PM - System Checkpoint
RP1876: 1/4/2012 11:08:05 AM - System Checkpoint
RP1877: 1/5/2012 1:45:51 PM - System Checkpoint
RP1878: 1/6/2012 4:42:53 PM - System Checkpoint
RP1879: 1/7/2012 12:09:50 PM - Removed McAfee VirusScan Enterprise
RP1880: 1/7/2012 1:28:08 PM - Removed McAfee Agent.
RP1881: 1/7/2012 1:29:51 PM - Removed Google Talk Plugin
RP1882: 1/7/2012 1:32:16 PM - Removed Bonjour
RP1883: 1/7/2012 1:33:49 PM - Removed QuickTime
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
aioprnt
aioscnnr
AOLIcon
ArcSoft PhotoStudio 5.5
Belkin Setup and Router Monitor
C4USelfUpdater
CCleaner
CCScore
center
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell System Restore
ELIcon
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
essentials
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Games, Music, & Photos Launcher
Garmin MapSource
Garmin USB Drivers
Google Earth
Google Talk Plugin
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) Processor ID Utility
Intel(R) PROSet for Wired Connections
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 7.1.8 (Basic)
kgcbase
Kodak AIO Printer
KODAK AiO Software
ksDIP
Malwarebytes Anti-Malware version 1.60.0.1800
MapSource - Americas BlueChart v5
Maxtor Manager
MCU
Media Player Classic - Home Cinema v1.5.1.2903
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ Run Time Lib Setup
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
netbrdg
NetWaiting
ocr
OfotoXMI
PreReq
Presto! PageManager 7.15.13
Qualxserve Service Agreement
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic Activation Module
staticcr
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB971029)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinPatrol
WinPatrol 2009
WIRELESS
.
==== Event Viewer Messages From Past Week ========
.
1/7/2012 9:00:13 AM, error: Dhcp [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 0016765F050B has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/7/2012 12:10:39 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/6/2012 8:10:22 AM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
1/4/2012 9:38:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/4/2012 9:38:54 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2012 6:35:54 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
1/3/2012 10:04:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
.
==== End Of File ===========================
 
Hi,


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 
ComboFix 12-01-07.03 - mimielf 01/08/2012 8:36.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.604 [GMT -5:00]
Running from: c:\documents and settings\mimielf\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\mimielf\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\mimielf\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\program files\CouponAlert_2pEI
c:\windows\isRS-000.tmp
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\SET85.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SETA4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-08 to 2012-01-08 )))))))))))))))))))))))))))))))
.
.
2012-01-07 18:08 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD9ABE18-3FFF-4984-9A83-5C716A0AA62C}\mpengine.dll
2012-01-07 17:26 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 17:26 . 2012-01-07 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 17:15 . 2012-01-07 17:17 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-01 17:09 . 2012-01-01 17:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\Temp
2011-12-30 18:33 . 2011-12-30 18:33 -------- d-----w- c:\documents and settings\All Users\Kodak
2011-12-30 18:30 . 2011-06-16 22:53 131072 ----a-w- c:\windows\system32\EKIJCOINST12.dll
2011-12-30 18:30 . 2011-06-16 22:53 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2011-12-30 18:30 . 2011-06-16 22:53 425984 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2011-12-30 18:11 . 2011-12-30 18:42 -------- d-----w- c:\documents and settings\mimielf\Local Settings\Application Data\Eastman_Kodak_Company
2011-12-30 18:11 . 2011-12-30 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Eastman Kodak Company
2011-12-30 18:00 . 2011-12-30 18:29 -------- d-----w- c:\program files\Kodak
2011-12-30 17:25 . 2011-12-30 17:25 -------- d-----w- c:\program files\ERUNT
2011-12-30 17:13 . 2011-12-30 17:13 388096 ----a-r- c:\documents and settings\mimielf\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-30 17:13 . 2011-12-30 17:13 -------- d-----w- c:\program files\Trend Micro
2011-12-30 15:39 . 2011-12-30 15:39 -------- d-----w- c:\documents and settings\mimielf\Application Data\Malwarebytes
2011-12-30 15:36 . 2011-12-30 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-19 21:32 . 2011-12-19 21:32 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-12-17 11:34 . 2011-02-15 18:17 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2011-12-17 11:33 . 2011-12-17 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Affinegy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 13:57 . 2011-05-14 16:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-10 17:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2010-10-04 23:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 19:20 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 17:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 17:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2004-08-10 17:51 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-04 03:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2004-08-10 18:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-11-10 21:13 . 2011-03-26 12:31 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"9322:TCP"= 9322:TCP:EKDiscovery
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 4:32 PM 394672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/7/2012 12:26 PM 652872]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/7/2012 12:26 PM 20464]
S1 MpKsl129d2e77;MpKsl129d2e77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C65B31D-4B1C-4EEA-B47B-79BA5CFF28C4}\MpKsl129d2e77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6C65B31D-4B1C-4EEA-B47B-79BA5CFF28C4}\MpKsl129d2e77.sys [?]
S1 MpKsl3e6cbb94;MpKsl3e6cbb94;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB2156C0-02FC-4330-9FF3-44C53EE3B330}\MpKsl3e6cbb94.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FB2156C0-02FC-4330-9FF3-44C53EE3B330}\MpKsl3e6cbb94.sys [?]
S1 MpKsl541fe588;MpKsl541fe588;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{954EF865-2EFC-4701-911B-41446EC04533}\MpKsl541fe588.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{954EF865-2EFC-4701-911B-41446EC04533}\MpKsl541fe588.sys [?]
S1 MpKsle31f4126;MpKsle31f4126;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36CAD7CD-60E5-4143-89B1-94855DF16442}\MpKsle31f4126.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{36CAD7CD-60E5-4143-89B1-94855DF16442}\MpKsle31f4126.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:39 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 9:39 AM 135664]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-07 23:49]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:39]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 14:39]
.
2012-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&si=1006318
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011
FF - prefs.js: browser.startup.homepage - hxxps://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor=
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13);user_pref(protocol-handler.warn-external.dnUpdate, false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Google Update - c:\documents and settings\mimielf\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-08 08:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2012-01-08 09:04:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-08 14:04
.
Pre-Run: 32,456,531,968 bytes free
Post-Run: 32,698,695,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 917D41AB47724DBA2A194FF8CA512137
 
H,

Lets run this program and see whats left to remove

OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
otl txt

OTL logfile created on: 1/8/2012 12:50:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mimielf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.91% Memory free
1.86 Gb Paging File | 1.51 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 30.90 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 18.06 Gb Total Space | 5.03 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: MIMI | User Name: mimielf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\mimielf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\61f93e98f880d193c7507dd4bd783071\Inkjet.Automation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\92c110e2f9e336a7b1915a087c4505d2\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\bd36e805b0c8db5be9902e2ef4ff740e\Inkjet.Diagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\6c308afb1b1cc24c392f30e8166514de\Inkjet.Localization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\1e4ef830d6f5617fccce4fa99f03ec4e\Inkjet.Utilities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\fb5e40b1212c7523933bccffaa9c469f\Inkjet.Hardware.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\fcbe7f69eb23bcdcac7f223cf1ebab2a\Inkjet.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\349b5a25e18cd32bac336fcfd5433d47\Inkjet.Statistics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MpKsl455d49ed) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04623A96-80F1-49CD-A959-1D01392AA43B}\MpKsl455d49ed.sys (Microsoft Corporation)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.j...F51333-8572-4066-A3E1-EC1E49F5193C&si=1006318
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No CLSID value found
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50ffTB50CL-chromesbox-en-us&tb_uuid=20110501213502744&tb_oid=01-05-2011&tb_mrud=01-05-2011"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&seamless=novl&offerId=newmail-en-us-v2&authLev=0&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A2da3c725-9c93-462f-b338-225e51809884&locale=us"
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm162YYus&ptb=AEF51333-8572-4066-A3E1-EC1E49F5193C&ind=2011111512&ptnrS=CDxdm162YYus&si=1006318&n=77df2058&psa=&st=kwd&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 12:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/26 21:52:28 | 000,000,000 | ---D | M]

[2008/10/14 19:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Extensions
[2012/01/06 08:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions
[2010/03/04 19:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/27 13:20:45 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\mimielf\Application Data\Mozilla\Firefox\Profiles\l7dipbt1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/12/29 11:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIMIELF\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\L7DIPBT1.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
[2011/11/10 16:13:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/26 07:31:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 16:13:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/08 08:50:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..\Toolbar\WebBrowser: (no name) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No CLSID value found.
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML File not found
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC75FCC5-AE4E-4090-ABCD-521B3D953CA9}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\mimielf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mimielf\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\F:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/08 12:48:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mimielf\Desktop\OTL.exe
[2012/01/08 09:52:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mimielf\Recent
[2012/01/08 08:34:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/08 08:32:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/08 08:32:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/08 08:32:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/08 08:32:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/08 08:32:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/08 08:24:43 | 004,374,678 | R--- | C] (Swearware) -- C:\Documents and Settings\mimielf\Desktop\ComboFix.exe
[2012/01/07 12:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/01/01 12:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2011/12/30 13:33:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Kodak
[2011/12/30 13:30:28 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST12.dll
[2011/12/30 13:30:25 | 000,425,984 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2011/12/30 13:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Local Settings\Application Data\Eastman_Kodak_Company
[2011/12/30 13:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2011/12/30 13:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kodak
[2011/12/30 13:04:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mimielf\Desktop\fixes
[2011/12/30 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2011/12/30 12:27:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/30 12:25:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/30 12:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/30 12:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Start Menu\Programs\HiJackThis
[2011/12/30 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/30 10:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mimielf\Application Data\Malwarebytes
[2011/12/30 10:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/19 16:32:26 | 000,323,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2011/12/17 06:34:41 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\AFGSp50.sys
[2011/12/17 06:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/08 12:48:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mimielf\Desktop\OTL.exe
[2012/01/08 12:34:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/08 11:06:16 | 000,443,202 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 11:06:16 | 000,072,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 09:24:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/08 09:19:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 09:19:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/08 09:18:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/08 09:18:50 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 08:50:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/08 08:34:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/08 08:25:00 | 004,374,678 | R--- | M] (Swearware) -- C:\Documents and Settings\mimielf\Desktop\ComboFix.exe
[2012/01/07 21:14:52 | 000,012,984 | ---- | M] () -- C:\Documents and Settings\mimielf\Application Data\wklnhst.dat
[2012/01/07 13:51:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/01/07 12:18:24 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/12/30 13:20:27 | 000,002,664 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2011/12/29 08:57:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/19 16:32:26 | 000,323,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaaut.dll
[2011/12/15 08:37:53 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/11 13:43:26 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/08 08:34:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/08 08:34:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/08 08:32:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/08 08:32:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/08 08:32:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/08 08:32:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/08 08:32:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/07 12:21:58 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/07 12:15:59 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/05/05 17:50:29 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/22 18:35:49 | 000,000,363 | ---- | C] () -- C:\WINDOWS\TBSVM61.INI
[2009/11/11 09:27:08 | 000,103,474 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2009/11/11 09:27:08 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2009/08/20 11:18:42 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\kodakpcd.ini
[2008/08/22 10:34:31 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/22 10:34:31 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\BE06F97A93.sys
[2007/09/24 15:51:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\3D Text Factory.INI
[2007/09/20 11:55:37 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2007/09/20 11:04:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/09/20 11:04:19 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/12/01 13:48:45 | 000,000,715 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2006/08/15 17:49:45 | 000,000,014 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/12 12:32:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2006/08/10 12:37:17 | 000,000,101 | ---- | C] () -- C:\WINDOWS\upst.ini
[2006/07/17 21:09:33 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/20 20:14:38 | 000,012,984 | ---- | C] () -- C:\Documents and Settings\mimielf\Application Data\wklnhst.dat
[2006/06/17 16:23:16 | 000,000,031 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/06/17 11:59:17 | 000,000,030 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/06/17 07:30:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.rob.ini
[2006/06/16 15:20:21 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\mimielf\Local Settings\Application Data\fusioncache.dat
[2006/06/16 10:49:47 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.mimielf.ini
[2006/05/19 23:33:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/19 23:29:31 | 000,004,406 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/19 23:25:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/19 23:22:35 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/05/19 23:20:25 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/05/19 23:16:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/19 22:52:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/05/19 22:51:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/19 22:51:38 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,239,944 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 12:51:20 | 000,443,202 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 12:51:20 | 000,072,276 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 12:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 12:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 12:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 12:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 12:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 12:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/12/17 06:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/07/09 12:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2011/12/30 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/11/04 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/04/02 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/03/14 09:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/30 10:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2010/12/08 12:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leawo
[2010/11/25 12:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008/10/01 08:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/02 11:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/05 09:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/01 12:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Temp
[2010/05/18 06:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Canon
[2006/09/12 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Snapfish
[2011/12/30 13:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Temp
[2006/07/29 09:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Template
[2007/02/08 19:54:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\Viewpoint
[2009/08/17 07:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\WinPatrol
[2010/08/03 11:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mimielf\Application Data\wsInspector
[2012/01/08 09:24:20 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
 
extras txt

OTL Extras logfile created on: 1/8/2012 12:50:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mimielf\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.91% Memory free
1.86 Gb Paging File | 1.51 Gb Available in Paging File | 81.52% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 30.90 Gb Free Space | 58.62% Space Free | Partition Type: NTFS
Drive D: | 18.06 Gb Total Space | 5.03 Gb Free Space | 27.84% Space Free | Partition Type: NTFS

Computer Name: MIMI | User Name: mimielf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.1.2903
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
"{603F460F-49B5-41C9-BE15-E73924C6CAD2}" = MapSource - Americas BlueChart v5
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.8 (Basic)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v11" = Microsoft Digital Image Standard 2006
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/2/2012 9:47:43 AM | Computer Name = MIMI | Source = ESENT | ID = 455
Description = wuaueng.dll (3884) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/7/2012 1:02:07 PM | Computer Name = MIMI | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 10.0.4030.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 1:16:43 PM | Computer Name = MIMI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 1/7/2012 1:28:54 PM | Computer Name = MIMI | Source = MsiInstaller | ID = 11706
Description = Product: SFR -- Error 1706.No valid source could be found for product
SFR. The Windows Installer cannot continue.

Error - 1/7/2012 1:41:34 PM | Computer Name = MIMI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/7/2012 1:45:10 PM | Computer Name = MIMI | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.7903.0, P5 fixed, P6 1 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.

Error - 1/7/2012 1:49:47 PM | Computer Name = MIMI | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 1:49:52 PM | Computer Name = MIMI | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/7/2012 1:49:58 PM | Computer Name = MIMI | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.59, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/8/2012 10:17:45 AM | Computer Name = MIMI | Source = MsiInstaller | ID = 11706
Description = Product: SFR -- Error 1706.No valid source could be found for product
SFR. The Windows Installer cannot continue.

[ System Events ]
Error - 1/7/2012 2:35:28 PM | Computer Name = MIMI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/7/2012 2:35:28 PM | Computer Name = MIMI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/7/2012 2:35:28 PM | Computer Name = MIMI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/7/2012 2:35:28 PM | Computer Name = MIMI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/7/2012 2:35:29 PM | Computer Name = MIMI | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/7/2012 4:23:43 PM | Computer Name = MIMI | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 1/8/2012 9:49:52 AM | Computer Name = MIMI | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.

Error - 1/8/2012 9:52:04 AM | Computer Name = MIMI | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 1/8/2012 9:52:04 AM | Computer Name = MIMI | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 1/8/2012 10:19:08 AM | Computer Name = MIMI | Source = WPDMTPDriver | ID = 80836
Description = MTP WPD Driver has failed to start. Error 0x80070005.


< End of report >
 
Hello,

Let remove the rest of MyWebSearch

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jh...93C&si=1006318


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
 
otl run fix

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\mimielf\Desktop\fixes\cmd.bat deleted successfully.
C:\Documents and Settings\mimielf\Desktop\fixes\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 113 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes

User: mimielf
->Temp folder emptied: 180514 bytes
->Temporary Internet Files folder emptied: 1442194 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54368111 bytes
->Flash cache emptied: 1306 bytes

User: NetworkService
->Temp folder emptied: 4976 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: rob

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3311919 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15251856 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 382848 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_140202

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
fyi

My win patrol asked if I wanted to keep mywebsearch as startpage I declined...then win patrol said change to HOSTS I accepted...I hope win patrol wasn't able to reinstall or re introduce mywebsearch...how will I know?
 
WinPatrol is a nice program but to in your face for me so I stopped using it a while back.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64 Bit Version

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: 
    :filefind
mywebsearch
:folderfind
mywebsearch
:regfind
mywebsearch
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Our policy is if there are no replies after 3 days the thread is closed , I will try to keep it open for you but it may be closed by a moderator, if it is just PM me to reopen it
 
system look

I have a couple minutes...





SystemLook 30.07.11 by jpshortstuff
Log created at 18:42 on 08/01/2012 by mimielf
Administrator - Elevation successful

========== filefind ==========

Searching for "mywebsearch"
No files found.

========== folderfind ==========

Searching for "mywebsearch"
No folders found.

========== regfind ==========

Searching for "mywebsearch"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"MyWebSearch Search Assistant for Internet Explorer"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE"="11"
[HKEY_USERS\S-1-5-21-892685480-1224073708-2444126477-1006\Software\BillP Studios\WinPatrol\IEHelpers]
"MyWebSearch Search Assistant for Internet Explorer"="900"
[HKEY_USERS\S-1-5-21-892685480-1224073708-2444126477-1006\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE"="11"

-= EOF =-
 
I believe those are what WinPatrol has blocked , there not on your machine. After the OTL fix is it gone ?
 
new otl fix

looks good




All processes killed
========== PROCESSES ==========
========== OTL ==========
HKU\S-1-5-21-892685480-1224073708-2444126477-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\mimielf\Desktop\fixes\cmd.bat deleted successfully.
C:\Documents and Settings\mimielf\Desktop\fixes\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: mimielf
->Temp folder emptied: 180224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39300813 bytes
->Flash cache emptied: 1629 bytes

User: NetworkService
->Temp folder emptied: 7720 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: rob

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14168 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2838 bytes

Total Files Cleaned = 38.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_185449

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Status
Not open for further replies.
Back
Top