TheTechGuide Forum

General Category => Tech Clinic => Topic started by: jme on May 28, 2010, 04:29:09 PM

Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 28, 2010, 04:29:09 PM
I had an alert by my virus protection yesterday saying that FakeAlert-FakeSpy.a trojan was detected and removed, but I am still having issues with my Windows Vista laptop. My internet explorer searches are being hijacked, my sound stopped working(checked device manager-everything is working properly), corrupted file alerts, etc. Ran Malwarebytes, nothing. Ran virus scan..nothing again. Ran a chkdsk but still can't do a system resore. The only thing I can think of that allowed this to happen was I got an adobe air update notification yesterday that I allowed, ugh. /rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' /> If you can possibly shed some light on this, I'd be eternally grateful /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:09:43 PM, on 5/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.EXE
C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.tenderfoot.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c994b5daf4fd90) (gupdate1c994b5daf4fd90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13916 bytes
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on May 29, 2010, 02:16:25 PM
Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 29, 2010, 04:10:39 PM
Update: I was able to isolate one problem...I removed a desktop.dll file and that seemed to handle my corrupted file problem and was able to do a system restore to get all my files back where they belonged....still having browser search redirect issues and windows error messages.


OTL Extras logfile created on: 5/29/2010 2:01:42 PM - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 69.26 Gb Free Space | 50.75% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 134.63 Gb Free Space | 90.33% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FCD136F6-1108-4477-B2C0-980C928D4489}" = lport=58610 | protocol=6 | dir=in | name=pandorest listening port |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079F2CF9-8F69-4911-A17D-809E6EDB496B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D5B398F-5AA9-47D3-8063-AED9D24564DE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0F6EA917-076B-4DEB-817E-110F34818D60}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1C9EAF96-3FB4-48E5-B30E-D68EA1EE2BCD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3C2BB211-0E22-462F-94B1-0B8776CFC166}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3E85D960-982F-487D-B0BA-CBA2C307A2CC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{412A34CC-B69C-415D-BBF3-7AED8F38BB37}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{46D17623-4257-435F-934C-0D62E5F77485}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{58FA92E5-AE86-40FD-B969-97371090DDDC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5DCF5A6A-67BF-47B4-82AE-1B49EE4AF1CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7377C453-2F28-4196-B688-4BB9B07B2C38}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DD68E26-ADBB-4292-B6C5-60F7B00E5177}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{811E792D-8715-49C6-8DAE-E089396EFAE2}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{81DAB592-FCB3-4427-88DE-A713E7362F66}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{900EECAB-EB64-41DC-A1D3-AA1D2622474C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{92E88F79-5149-4C08-9092-4F4687D2275C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A213B746-62A3-41E7-BA7C-6A8C3F381CD8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A3506129-3D91-41D2-BA02-7BDA6653B31D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{BB68E4FA-FF82-4519-9B2E-15E93D5036B5}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{E8FF8C28-7A25-48ED-BDA3-A23B4282ADA5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{FBB00A5F-B5F6-4189-BC31-A2142EF4C128}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2EDC0C39-9F9F-461F-9C43-3D51B58B4C87}" = REALVIZ StitcherEZ ACD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel Photo Album 7
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{5BBADAF1-6971-44AF-BDEC-AC92DC7D90D1}" = Corel Clip Art
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6008687-A12B-47AC-8752-6FD9E735FFB0}" = Sims 3 Workshop
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EA Download Manager" = EA Download Manager
"GoToAssist" = GoToAssist 8.0.0.480
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pixillion" = Pixillion Image Converter
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Applications" = AT&T Yahoo! Applications
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/29/2010 12:25:00 AM | Computer Name = Jamie-Laptop | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.31.21.10 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 12ec  Start Time: 01cafeba2ed5eff0  Termination Time: 150
 
Error - 5/29/2010 2:36:06 AM | Computer Name = Jamie-Laptop | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.31.21.10 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 129c  Start Time: 01cafee70967bfa0  Termination Time: 186
 
Error - 5/29/2010 9:50:16 AM | Computer Name = Jamie-Laptop | Source = OpenCASE Media Agent | ID = 0
Description = Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException:
 Object reference not set to an instance of an object.     at opencase.csm.CSMService.OnPowerEvent(PowerBroadcastStatus
 powerStatus)     at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType,
 IntPtr eventData).
 
Error - 5/29/2010 11:50:31 AM | Computer Name = Jamie-Laptop | Source = OpenCASE Media Agent | ID = 0
Description = Failed in handling the PowerEvent. The error that occurred was: System.NullReferenceException:
 Object reference not set to an instance of an object.     at opencase.csm.CSMService.OnPowerEvent(PowerBroadcastStatus
 powerStatus)     at System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType,
 IntPtr eventData).
 
Error - 5/29/2010 12:12:06 PM | Computer Name = Jamie-Laptop | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
Error - 5/29/2010 12:15:06 PM | Computer Name = Jamie-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/29/2010 12:15:06 PM | Computer Name = Jamie-Laptop | Source = Windows Search Service | ID = 3013
Description =
 
Error - 5/29/2010 12:16:58 PM | Computer Name = Jamie-Laptop | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
Error - 5/29/2010 12:16:58 PM | Computer Name = Jamie-Laptop | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed.  Engine returned error : 3
 
Error - 5/29/2010 12:32:05 PM | Computer Name = Jamie-Laptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
 exception code 0xc000071b, fault offset 0x000888f5,  process id 0x4d0, application
 start time 0x01caff4996c3e2aa.
 
[ Broadcom Wireless LAN Events ]
Error - 2/5/2010 11:23:13 PM | Computer Name = Jamie-Laptop | Source = WLAN-Tray | ID = 0
Description = 19:23:13, Fri, Feb 05, 10 Error - Unable to gain access to user store

 
Error - 3/6/2010 7:13:21 PM | Computer Name = JAMIE-LAPTOP | Source = WLAN-Tray | ID = 0
Description = 15:13:21, Sat, Mar 06, 10 Error - Unable to gain access to user store

 
Error - 3/9/2010 3:41:20 PM | Computer Name = JAMIE-LAPTOP | Source = WLAN-Tray | ID = 0
Description = 11:41:20, Tue, Mar 09, 10 Error - Unable to gain access to user store

 
Error - 4/2/2010 4:41:32 AM | Computer Name = JAMIE-LAPTOP | Source = WLAN-Tray | ID = 0
Description = 01:41:32, Fri, Apr 02, 10 Error - Unable to gain access to user store

 
Error - 5/23/2010 3:05:11 PM | Computer Name = JAMIE-LAPTOP | Source = WLAN-Tray | ID = 0
Description = 12:05:10, Sun, May 23, 10 Error - Unable to gain access to user store

 
Error - 5/27/2010 5:18:44 PM | Computer Name = Jamie-Laptop | Source = WLAN-Tray | ID = 0
Description = 14:18:44, Thu, May 27, 10 Error - Unable to gain access to user store

 
Error - 5/27/2010 6:34:13 PM | Computer Name = JAMIE-LAPTOP | Source = WLAN-Tray | ID = 0
Description = 15:34:13, Thu, May 27, 10 Error - Unable to gain access to user store

 
Error - 5/28/2010 6:39:38 PM | Computer Name = Jamie-Laptop | Source = WLAN-Tray | ID = 0
Description = 15:39:38, Fri, May 28, 10 Error - Unable to switch user context, error
 87
 
Error - 5/29/2010 3:30:34 AM | Computer Name = Jamie-Laptop | Source = WLAN-Tray | ID = 0
Description = 00:30:34, Sat, May 29, 10 Error - Unable to gain access to user store

 
[ Media Center Events ]
Error - 5/22/2008 7:27:51 PM | Computer Name = Jamie-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 6/1/2008 12:27:15 PM | Computer Name = Jamie-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
 
Error - 8/19/2008 1:51:11 PM | Computer Name = Jamie-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 10/27/2008 7:55:16 PM | Computer Name = Jamie-Laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
[ System Events ]
Error - 5/29/2010 4:59:25 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:00:12 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:00:59 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:01:46 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:02:37 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:03:28 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:04:17 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:05:05 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:05:53 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
Error - 5/29/2010 5:06:58 PM | Computer Name = Jamie-Laptop | Source = Service Control Manager | ID = 7031
Description =
 
 
< End of report >
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 29, 2010, 04:11:50 PM
OTL logfile created on: 5/29/2010 2:01:42 PM - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
9.00 Gb Paging File | 7.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 69.26 Gb Free Space | 50.75% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 134.63 Gb Free Space | 90.33% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2010/02/14 02:14:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/01 21:29:20 | 000,037,888 | R--- | M] () -- C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 11:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/17 21:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 20:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/08 16:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/06/05 02:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/10/08 13:04:48 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - File not found [On_Demand | Stopped] --  -- (LiveUpdate)
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] --  -- (Automatic LiveUpdate Scheduler)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/08/29 18:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/03/26 15:59:50 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 20:13:15 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/18 20:13:15 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/18 20:13:15 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/12 17:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/21 12:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 00:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 00:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 00:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/06 18:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 16:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 16:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 19:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 19:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2008/12/15 18:02:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: k12.ca.us ([parentconnect.luhsd] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tenderfoot.com ([]http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/21 16:14:45 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/11/05 00:34:55 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/12/21 16:14:45 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/12/21 16:14:45 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/05/29 14:01:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple Computer
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/28 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/27 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\gjqbrjexs
 
========== Files - Modified Within 30 Days ==========
 
[2010/05/29 14:05:24 | 003,932,160 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat
[2010/05/29 14:04:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{80F9AC3E-52B9-4469-9143-26291EC849C5}.job
[2010/05/29 14:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 13:12:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/29 13:12:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/29 09:36:55 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/29 09:36:55 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/29 09:36:55 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/29 09:35:24 | 000,028,070 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/05/29 09:33:27 | 000,082,171 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/29 09:33:27 | 000,082,171 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/29 09:33:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/29 09:33:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/29 09:11:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/29 09:10:08 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat_previous
[2010/05/29 09:10:08 | 000,524,288 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/29 09:10:08 | 000,065,536 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/28 15:31:42 | 002,632,904 | -H-- | M] () -- C:\Users\Jamie\AppData\Local\IconCache.db
[2010/05/27 21:55:54 | 000,003,776 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2010/05/27 21:55:53 | 000,011,776 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/25 17:27:14 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/21 17:51:12 | 000,799,709 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (16).wma
[2010/05/21 17:48:39 | 000,840,119 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (15).wma
[2010/05/21 17:45:56 | 000,880,529 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (14).wma
[2010/05/21 17:43:10 | 000,822,159 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (13).wma
[2010/05/21 17:40:28 | 000,786,239 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (12).wma
[2010/05/21 17:34:45 | 000,831,139 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (11).wma
[2010/05/21 17:31:57 | 000,961,349 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (10).wma
[2010/05/21 17:25:19 | 000,835,629 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (9).wma
[2010/05/21 17:19:54 | 000,777,259 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (8).wma
[2010/05/21 17:16:32 | 000,858,079 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (7).wma
[2010/05/21 17:13:13 | 000,745,829 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (6).wma
[2010/05/21 17:11:57 | 000,835,629 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (5).wma
[2010/05/21 17:10:39 | 000,822,159 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (4).wma
[2010/05/21 17:06:06 | 000,808,689 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (3).wma
[2010/05/21 17:01:48 | 000,831,139 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled (2).wma
[2010/05/21 16:59:04 | 000,956,859 | ---- | M] () -- C:\Users\Jamie\Documents\Untitled.wma
[2010/05/21 16:54:59 | 000,103,759 | ---- | M] () -- C:\Users\Jamie\Documents\test.wma
[2010/05/18 01:27:16 | 000,009,728 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/17 01:19:32 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/05/15 01:37:47 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/13 02:05:10 | 000,013,312 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/05/01 10:42:31 | 000,001,672 | ---- | M] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/05/01 01:15:45 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/04/30 11:43:35 | 000,324,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/05/27 12:37:11 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/21 17:51:12 | 000,799,709 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (16).wma
[2010/05/21 17:48:39 | 000,840,119 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (15).wma
[2010/05/21 17:45:56 | 000,880,529 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (14).wma
[2010/05/21 17:43:09 | 000,822,159 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (13).wma
[2010/05/21 17:40:28 | 000,786,239 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (12).wma
[2010/05/21 17:34:45 | 000,831,139 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (11).wma
[2010/05/21 17:31:57 | 000,961,349 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (10).wma
[2010/05/21 17:25:19 | 000,835,629 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (9).wma
[2010/05/21 17:19:54 | 000,777,259 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (8).wma
[2010/05/21 17:16:32 | 000,858,079 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (7).wma
[2010/05/21 17:13:13 | 000,745,829 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (6).wma
[2010/05/21 17:11:57 | 000,835,629 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (5).wma
[2010/05/21 17:10:39 | 000,822,159 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (4).wma
[2010/05/21 17:06:06 | 000,808,689 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (3).wma
[2010/05/21 17:01:48 | 000,831,139 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled (2).wma
[2010/05/21 16:59:03 | 000,956,859 | ---- | C] () -- C:\Users\Jamie\Documents\Untitled.wma
[2010/05/21 16:54:11 | 000,103,759 | ---- | C] () -- C:\Users\Jamie\Documents\test.wma
[2010/05/18 01:27:16 | 000,009,728 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/13 02:05:10 | 000,013,312 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/05/01 10:42:31 | 000,001,672 | ---- | C] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/03/10 12:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/02/14 02:16:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/02 14:44:59 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor31.INI
[2009/06/01 21:21:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/03 14:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/12/24 14:52:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/18 20:13:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/18 12:34:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 15:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/09/15 15:40:22 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\TS-L632H_D300[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\A103[1]:Roxio EMC Stream
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2DAD076E
< End of report >
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on May 30, 2010, 12:20:50 AM
In Internet Explorer: Click on Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server"

Close IE
Open Malwarebytes AntiMalware

Click on the UPDATE tab, then "Check for Updates"  Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

With that log from MBAM, can you also right click on Hijackthis and select to "run as Administrator"
Do a fresh Scan and Save logfile, post the new log that opens
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 30, 2010, 12:56:33 AM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4155

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/29/2010 10:53:32 PM
mbam-log-2010-05-29 (22-53-32).txt

Scan type: Quick scan
Objects scanned: 126428
Time elapsed: 8 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:04 PM, on 5/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\ehome\ehmsas.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.tenderfoot.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c994b5daf4fd90) (gupdate1c994b5daf4fd90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13823 bytes
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on May 30, 2010, 01:33:51 AM
In Internet Explorer: Click on Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server"

Close IE
Right click on Hijackthis and choose to "Run as Admin"
Do a "System scan only" with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer

Back in windows
Right click on Hijackthis, "run as admin"
Do a fresh Scan and save logfile and post the new log

If you can't get online
Again do the following

In Internet Explorer: Click on Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server"
Restart IE
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 30, 2010, 02:19:06 AM
In Internet Explorer: Click on Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" [color="#000080"][/color]   This is already unchecked.

Right click on Hijackthis and choose to "Run as Admin"   When I right click on this, I do not have the run as admin option.

Had Hijack this fix the listed item, rebooted and now my comp is displaying all the same behaviors and settings I spoke of in the first post, my sound disabled multiple desktop files, files all jumbled etc......and my hijack this program disappeared!! Redownloading now so I can post another log.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:46:08 AM, on 5/30/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Users\Jamie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.tenderfoot.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c994b5daf4fd90) (gupdate1c994b5daf4fd90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13373 bytes
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on May 30, 2010, 11:29:03 AM
Download ComboFix from ONLY this location

[color="#0000FF"]Link[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")

[color="#FF0000"]Save it ONLY to your Desktop[/color]


      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

# WARNING:  Combofix will disconnect your machine from the Internet as soon as it starts
# Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
# If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on May 30, 2010, 01:40:18 PM
ComboFix 10-05-29.05 - Jamie 05/30/2010  11:10:07.1.2 - x86
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jamie\GoToAssistDownloadHelper.exe
c:\windows\system32\%appdata%

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack /tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
.
(((((((((((((((((((((((((   Files Created from 2010-04-28 to 2010-05-30  )))))))))))))))))))))))))))))))
.

2010-05-30 18:21 . 2010-05-30 18:26   --------   d-----w-   c:\users\Jamie\AppData\Local\temp
2010-05-30 18:21 . 2010-05-30 18:21   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-05-30 17:52 . 2010-05-30 17:52   --------   dc----w-   C:\%APPDATA%
2010-05-29 16:13 . 2010-05-29 16:13   --------   d-----w-   c:\users\Jamie\AppData\Local\Apple Computer
2010-05-29 04:15 . 2010-05-29 05:06   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-05-29 04:15 . 2010-05-29 04:17   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-05-28 22:40 . 2010-05-28 22:40   --------   d-----w-   c:\windows\system32\config\systemprofile\Bluetooth Software
2010-05-28 21:08 . 2010-05-28 21:08   --------   d-----w-   c:\program files\Trend Micro
2010-05-27 18:28 . 2010-05-27 18:28   --------   d-----w-   c:\users\Jamie\AppData\Local\gjqbrjexs
2010-05-12 17:46 . 2010-01-29 15:40   738816   ----a-w-   c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-30 18:24 . 2009-07-26 05:36   82171   ----a-w-   c:\programdata\nvModes.dat
2010-05-30 18:22 . 2007-10-18 19:20   1076   ----a-w-   c:\windows\bthservsdp.dat
2010-05-30 06:02 . 2010-05-30 06:02   388096   ----a-r-   c:\users\Jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 05:44 . 2010-02-06 02:39   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-29 16:09 . 2010-03-30 08:19   --------   d-----w-   c:\programdata\PMB Files
2010-05-28 23:07 . 2010-01-28 19:04   --------   d-----w-   c:\program files\Safari
2010-05-28 04:55 . 2007-11-05 18:23   3776   ----a-w-   c:\users\Jamie\AppData\Roaming\wklnhst.dat
2010-05-26 00:30 . 2010-04-04 18:18   439816   ----a-w-   c:\users\Jamie\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-17 08:19 . 2010-03-10 19:38   952   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-05-13 09:50 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-05-08 17:00 . 2007-10-18 19:53   --------   d-----w-   c:\program files\Google
2010-05-01 17:42 . 2008-02-11 03:53   --------   d-----w-   c:\program files\CCleaner
2010-04-29 22:39 . 2010-02-06 02:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-02-06 02:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-25 05:46 . 2007-10-18 19:28   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-04-24 23:02 . 2010-04-24 23:02   690952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-02 08:41 . 2008-12-13 20:27   --------   d-----w-   c:\program files\McAfee
2010-03-13 04:15 . 2010-03-13 04:15   10134   ----a-r-   c:\users\Jamie\AppData\Roaming\Microsoft\Installer\{5BBADAF1-6971-44AF-BDEC-AC92DC7D90D1}\ARPPRODUCTICON.exe
2010-03-07 20:53 . 2010-02-05 22:07   50354   ----a-w-   c:\users\Jamie\AppData\Roaming\Facebook\uninstall.exe
2010-03-06 05:30 . 2010-03-06 05:30   5582848   ----a-w-   c:\users\Jamie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 14:01 . 2010-04-13 21:49   420352   ----a-w-   c:\windows\system32\vbscript.dll
2007-10-19 03:13 . 2007-10-19 03:06   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-30 2937528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-14 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Photo Album 7\CorelIOMonitor.exe" [2008-08-02 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" [2008-08-02 481608]

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2006-6-5 21504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-18 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51   177440   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 03:16   141608   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08   417792   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />:65,3b,04,4b,3e,e3,c9,01

R2 gupdate1c994b5daf4fd90;Google Update Service (gupdate1c994b5daf4fd90);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-30 835208]
R3 cpuz130;cpuz130;c:\users\Jamie\AppData\Local\Temp\cpuz130\cpuz_x32.sys
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 06:21]

2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 06:21]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2010-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2010-05-30 c:\windows\Tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/p/3.html
uInternet Settings,ProxyOverride = <local>
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: k12.ca.us\parentconnect.luhsd
Trusted Zone: tenderfoot.com
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
.
- - - - ORPHANS REMOVED - - - -

Notify-GoToAssist - c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe



**************************************************************************
scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2996)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-05-30  11:34:59 - machine was rebooted
ComboFix-quarantined-files.txt  2010-05-30 18:34

Pre-Run: 74,715,967,488 bytes free
Post-Run: 74,671,726,592 bytes free

- - End Of File - - 02798CBDE83E32027674A8E2A1DDA61D
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on June 01, 2010, 09:31:08 PM
Sorry for the delay
How is everything running now?
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on June 02, 2010, 08:40:37 PM
Everything seems to be back to normal now....thanks sooo much for all of your help.  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on June 29, 2010, 02:56:48 PM
[quote name='jme' date='02 June 2010 - 08:40 PM' timestamp='1275529237' post='469761']
Everything seems to be back to normal now....thanks sooo much for all of your help.  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
[/quote]

Well, I thought things were back to normal.....UGH /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> It seems that things are slowing down and I am unable to access a webpage that everyone else can, just not my computer or any other computer in my network. Contacted my ISP and they said I possibly had a worm and wanted to charge me $129+ to fix it. I ran a network diagnotic and said that was unable to connect to dns that server was pinged but didn't get a response back, to contact my isp. I sure hope this is a simple fix, and not something that was overlooked from my previous incident. Here's my hijackthis log.......any help you can offer is greatly appreciated....again.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:43 PM, on 6/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Meebo Notifier] "C:\Users\Jamie\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" /startup
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: http://*.tenderfoot.com
O16 - DPF: Photobucket Publisher - http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c994b5daf4fd90) (gupdate1c994b5daf4fd90) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13084 bytes
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 03, 2010, 11:56:11 AM
Sorry for the delay, if you still need a hand, please do the following
Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 05, 2010, 08:22:20 PM
OTL logfile created on: 7/5/2010 6:15:30 PM - Run 2
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 62.98 Gb Free Space | 46.15% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 135.41 Gb Free Space | 90.85% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2010/02/26 11:38:15 | 000,027,648 | ---- | M] () -- C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
PRC - [2010/02/25 20:37:54 | 000,124,208 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
PRC - [2010/02/14 02:14:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/21 23:23:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 17:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/01 21:29:20 | 000,037,888 | R--- | M] () -- C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 11:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/17 21:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 20:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/08 16:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/06/05 02:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
MOD - [2009/09/24 19:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/10 23:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/10/08 13:04:48 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - File not found [On_Demand | Stopped] --  -- (LiveUpdate)
SRV - File not found [Auto | Stopped] --  -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] --  -- (Automatic LiveUpdate Scheduler)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/08/29 18:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/03/26 15:59:50 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/07 11:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/10/21 23:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/21 23:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/18 20:13:15 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/18 20:13:15 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/18 20:13:15 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/07 11:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/12 17:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/21 12:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 00:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 00:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 00:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/06 18:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 16:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 16:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 19:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 19:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2008/12/15 18:02:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010/05/30 11:24:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Meebo Notifier] C:\Users\Jamie\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: k12.ca.us ([parentconnect.luhsd] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tenderfoot.com ([]http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 21:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/29 13:00:29 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/06/29 11:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/29 11:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 11:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 11:41:25 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010/06/29 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 11:40:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/06/29 10:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Motive
[2010/06/29 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/29 10:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/06/29 10:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2010/06/27 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Custard
[2010/06/27 13:49:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\monkey bars
[2010/06/27 12:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Sims 3 Dashboard Tool
[2010/06/25 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/24 11:09:31 | 136,931,926 | ---- | C] (Acresso Software Inc.) -- C:\Users\Jamie\Desktop\Create A Pattern.exe
[2010/06/23 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Updater5
[2010/06/23 03:00:24 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/23 03:00:24 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/23 03:00:24 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\wp-issuu
[2010/06/22 21:56:46 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/22 21:56:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/19 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Windows Server
[2010/06/13 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\CC Archived
[2010/06/12 23:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Meebo
[2010/06/12 23:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Meebo
[2010/06/10 22:42:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/10 22:42:25 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/10 22:42:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/10 22:42:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/10 22:42:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/10 22:42:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/10 22:42:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/10 22:42:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/10 22:42:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/10 22:42:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/10 22:42:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/10 22:42:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/10 22:42:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/10 22:42:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/10 22:42:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/10 22:42:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/10 22:42:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/10 22:42:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/10 22:42:06 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/08 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Smilebox
[2010/06/08 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\My Smilebox Creations
[2010/06/08 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Smilebox
[2010/06/07 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\gtk-2.0
[2010/06/07 15:22:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.thumbnails
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\gegl-0.0
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.gimp-2.6
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/05 18:15:39 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat
[2010/07/05 18:14:38 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
[2010/07/05 18:02:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/05 17:58:11 | 000,030,806 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/07/05 17:56:53 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/05 17:56:53 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/05 17:56:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/05 17:02:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/05 16:43:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/05 16:43:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/04 00:12:42 | 000,004,020 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2010/07/01 10:30:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/06/30 10:50:34 | 002,560,720 | ---- | M] () -- C:\Users\Jamie\Desktop\CX-hair_peggyzone_hairmesh05399_fx7.rar
[2010/06/29 20:31:22 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/29 20:31:22 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/29 20:31:22 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/29 12:41:59 | 000,002,523 | ---- | M] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/06/29 12:02:23 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 11:46:45 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/29 11:36:28 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/29 11:31:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/29 11:30:18 | 000,524,288 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 11:30:18 | 000,065,536 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/06/29 11:26:37 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/06/29 10:24:22 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Self Support Tool.lnk
[2010/06/27 02:05:01 | 000,047,616 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Brody.wps
[2010/06/24 23:44:42 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/24 11:09:31 | 136,931,926 | ---- | M] (Acresso Software Inc.) -- C:\Users\Jamie\Desktop\Create A Pattern.exe
[2010/06/23 14:01:15 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/06/22 23:56:44 | 000,436,666 | ---- | M] () -- C:\Users\Jamie\Desktop\wp-issuu.1.31.zip
[2010/06/22 20:23:01 | 000,128,281 | ---- | M] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/20 00:50:57 | 000,001,672 | ---- | M] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/06/12 23:17:19 | 000,001,070 | ---- | M] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/12 03:18:16 | 000,022,528 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/11 10:55:35 | 000,324,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 19:05:20 | 000,150,895 | ---- | M] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | M] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2010/06/30 10:50:32 | 002,560,720 | ---- | C] () -- C:\Users\Jamie\Desktop\CX-hair_peggyzone_hairmesh05399_fx7.rar
[2010/06/29 11:51:15 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/29 11:46:45 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/06/29 11:36:28 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/06/29 10:24:22 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Self Support Tool.lnk
[2010/06/24 23:44:42 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/23 00:22:28 | 000,128,281 | ---- | C] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/22 23:56:43 | 000,436,666 | ---- | C] () -- C:\Users\Jamie\Desktop\wp-issuu.1.31.zip
[2010/06/12 23:17:19 | 000,001,070 | ---- | C] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/11 23:18:46 | 000,022,528 | ---- | C] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/08 19:05:20 | 000,150,895 | ---- | C] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | C] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2010/03/10 12:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/02/14 02:16:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/02 14:44:59 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor31.INI
[2009/06/01 21:21:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/01/03 14:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/12/24 14:52:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/18 20:13:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/18 12:34:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 15:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/09/15 15:40:22 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\TS-L632H_D300[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\A103[1]:Roxio EMC Stream
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2DAD076E
< End of report >


OTL Extras logfile created on: 7/5/2010 6:15:30 PM - Run 2
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 62.98 Gb Free Space | 46.15% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 135.41 Gb Free Space | 90.85% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3735139638-2560936700-551537903-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FCD136F6-1108-4477-B2C0-980C928D4489}" = lport=58610 | protocol=6 | dir=in | name=pandorest listening port |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079F2CF9-8F69-4911-A17D-809E6EDB496B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D5B398F-5AA9-47D3-8063-AED9D24564DE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C9EAF96-3FB4-48E5-B30E-D68EA1EE2BCD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3C2BB211-0E22-462F-94B1-0B8776CFC166}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3E85D960-982F-487D-B0BA-CBA2C307A2CC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{40A9F5E1-4047-4661-9536-6F334BA9F0BB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{412A34CC-B69C-415D-BBF3-7AED8F38BB37}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{46D17623-4257-435F-934C-0D62E5F77485}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{58FA92E5-AE86-40FD-B969-97371090DDDC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5DCF5A6A-67BF-47B4-82AE-1B49EE4AF1CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7377C453-2F28-4196-B688-4BB9B07B2C38}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DD68E26-ADBB-4292-B6C5-60F7B00E5177}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{811E792D-8715-49C6-8DAE-E089396EFAE2}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{900EECAB-EB64-41DC-A1D3-AA1D2622474C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{92E88F79-5149-4C08-9092-4F4687D2275C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A213B746-62A3-41E7-BA7C-6A8C3F381CD8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A3506129-3D91-41D2-BA02-7BDA6653B31D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{BB68E4FA-FF82-4519-9B2E-15E93D5036B5}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{CE765623-6F74-4A42-B893-34888F41C440}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3627908-814E-4837-AE5B-27653742ED51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8FF8C28-7A25-48ED-BDA3-A23B4282ADA5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F4390AE9-FF95-4A7D-A145-301D6A01AE60}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FBB00A5F-B5F6-4189-BC31-A2142EF4C128}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2EDC0C39-9F9F-461F-9C43-3D51B58B4C87}" = REALVIZ StitcherEZ ACD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel Photo Album 7
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{5BBADAF1-6971-44AF-BDEC-AC92DC7D90D1}" = Corel Clip Art
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6008687-A12B-47AC-8752-6FD9E735FFB0}" = Sims 3 Workshop
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATT-SST" = AT&T Self Support Tool
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EA Download Manager" = EA Download Manager
"GoToAssist" = GoToAssist 8.0.0.480
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 05, 2010, 08:23:40 PM
OTL Extras logfile created on: 7/5/2010 6:15:30 PM - Run 2
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 62.98 Gb Free Space | 46.15% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 135.41 Gb Free Space | 90.85% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3735139638-2560936700-551537903-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FCD136F6-1108-4477-B2C0-980C928D4489}" = lport=58610 | protocol=6 | dir=in | name=pandorest listening port |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079F2CF9-8F69-4911-A17D-809E6EDB496B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D5B398F-5AA9-47D3-8063-AED9D24564DE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1C9EAF96-3FB4-48E5-B30E-D68EA1EE2BCD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3C2BB211-0E22-462F-94B1-0B8776CFC166}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3E85D960-982F-487D-B0BA-CBA2C307A2CC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{40A9F5E1-4047-4661-9536-6F334BA9F0BB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{412A34CC-B69C-415D-BBF3-7AED8F38BB37}" = protocol=6 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{46D17623-4257-435F-934C-0D62E5F77485}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{58FA92E5-AE86-40FD-B969-97371090DDDC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5DCF5A6A-67BF-47B4-82AE-1B49EE4AF1CA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7377C453-2F28-4196-B688-4BB9B07B2C38}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7DD68E26-ADBB-4292-B6C5-60F7B00E5177}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{811E792D-8715-49C6-8DAE-E089396EFAE2}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{900EECAB-EB64-41DC-A1D3-AA1D2622474C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{92E88F79-5149-4C08-9092-4F4687D2275C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A213B746-62A3-41E7-BA7C-6A8C3F381CD8}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A3506129-3D91-41D2-BA02-7BDA6653B31D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{BB68E4FA-FF82-4519-9B2E-15E93D5036B5}" = protocol=17 | dir=in | app=c:\program files\opencase\opencase media agent\pandobinaries\nbcpandorest.exe |
"{CE765623-6F74-4A42-B893-34888F41C440}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3627908-814E-4837-AE5B-27653742ED51}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E8FF8C28-7A25-48ED-BDA3-A23B4282ADA5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{F4390AE9-FF95-4A7D-A145-301D6A01AE60}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FBB00A5F-B5F6-4189-BC31-A2142EF4C128}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2EDC0C39-9F9F-461F-9C43-3D51B58B4C87}" = REALVIZ StitcherEZ ACD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel Photo Album 7
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{5BBADAF1-6971-44AF-BDEC-AC92DC7D90D1}" = Corel Clip Art
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6008687-A12B-47AC-8752-6FD9E735FFB0}" = Sims 3 Workshop
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}" = Garmin Communicator Plugin
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATT-SST" = AT&T Self Support Tool
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EA Download Manager" = EA Download Manager
"GoToAssist" = GoToAssist 8.0.0.480
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Pixillion" = Pixillion Image Converter
"RealPlayer 12.0" = RealPlayer
"Switch" = Switch Sound File Converter
"SystemRequirementsLab" = System Requirements Lab
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Applications" = AT&T Yahoo! Applications
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Meebo Notifier" = Meebo Notifier
"Move Media Player" = Move Media Player
"Smilebox" = Smilebox
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 05, 2010, 10:32:26 PM
If you still have a copy of ComboFix on desktop, please delete it as it's outdated, then again do the following
Download ComboFix from ONLY this location

[color="#0000FF"]Link[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")

[color="#FF0000"]Save it ONLY to your Desktop[/color]


      --------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

# WARNING:  Combofix will disconnect your machine from the Internet as soon as it starts
# Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
# If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 05, 2010, 11:46:50 PM
ComboFix 10-07-04.04 - Jamie 07/05/2010  21:31:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1974 [GMT -7:00]
Running from: c:\users\Jamie\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Jamie\AppData\Local\Windows Server

.
(((((((((((((((((((((((((   Files Created from 2010-06-06 to 2010-07-06  )))))))))))))))))))))))))))))))
.

2010-07-06 04:38 . 2010-07-06 04:39   --------   d-----w-   c:\users\Jamie\AppData\Local\temp
2010-07-06 04:38 . 2010-07-06 04:38   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-07-06 04:38 . 2010-07-06 04:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-06-29 20:00 . 2010-06-29 23:07   --------   d-----w-   c:\windows\BDOSCAN8
2010-06-29 18:50 . 2010-06-29 18:50   --------   d-----w-   c:\program files\iPod
2010-06-29 18:50 . 2010-06-29 18:51   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 18:46 . 2010-06-29 18:47   --------   d-----w-   c:\program files\QuickTime
2010-06-29 18:41 . 2010-06-29 18:42   --------   d-----w-   c:\windows\LastGood
2010-06-29 18:40 . 2010-06-29 18:40   --------   d-----w-   c:\program files\Bonjour
2010-06-29 18:38 . 2010-06-29 18:38   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-29 18:34 . 2010-06-29 18:34   71992   ----a-w-   c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-29 17:25 . 2010-06-29 17:25   --------   d-----w-   c:\users\Jamie\AppData\Roaming\Motive
2010-06-29 17:23 . 2010-06-29 17:23   --------   d-----w-   c:\program files\Common Files\Motive
2010-06-29 17:23 . 2010-06-29 17:23   --------   d-----w-   c:\programdata\Motive
2010-06-29 17:22 . 2010-06-29 17:24   --------   d-----w-   c:\program files\ATT-SST
2010-06-27 20:36 . 2010-06-27 20:35   53632   ----a-w-   c:\users\Jamie\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-25 17:01 . 2010-06-25 17:01   --------   d-----w-   c:\program files\Microsoft.NET
2010-06-23 10:00 . 2009-11-08 17:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-23 10:00 . 2009-11-08 17:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-23 10:00 . 2009-11-08 17:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-23 10:00 . 2009-11-08 17:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-23 10:00 . 2009-11-08 17:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-23 04:56 . 2010-04-16 16:43   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-06-23 04:56 . 2010-04-16 14:39   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-13 06:17 . 2010-06-13 06:17   --------   d-----w-   c:\users\Jamie\AppData\Roaming\Meebo
2010-06-13 06:17 . 2010-06-13 06:17   --------   d-----w-   c:\users\Jamie\AppData\Local\Meebo
2010-06-09 01:20 . 2010-06-09 01:20   --------   d-----w-   c:\users\Jamie\AppData\Local\Smilebox
2010-06-09 01:15 . 2010-06-09 01:15   59313   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\uninstall.exe
2010-06-09 01:15 . 2010-06-23 20:55   --------   d-----w-   c:\users\Jamie\AppData\Roaming\Smilebox
2010-06-07 22:27 . 2010-06-09 00:49   --------   d-----w-   c:\users\Jamie\AppData\Roaming\gtk-2.0
2010-06-07 22:22 . 2010-06-07 22:22   --------   d-----w-   c:\users\Jamie\.thumbnails
2010-06-07 22:20 . 2010-06-09 00:59   --------   d-----w-   c:\users\Jamie\.gimp-2.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 04:16 . 2009-07-26 05:36   27839   ----a-w-   c:\programdata\nvModes.dat
2010-07-04 07:12 . 2007-11-05 18:23   4020   ----a-w-   c:\users\Jamie\AppData\Roaming\wklnhst.dat
2010-07-02 02:30 . 2010-04-04 18:18   439816   ----a-w-   c:\users\Jamie\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-06-29 19:02 . 2008-02-01 07:37   --------   d-----w-   c:\users\Jamie\AppData\Roaming\Apple Computer
2010-06-29 18:51 . 2009-04-08 17:59   --------   d-----w-   c:\program files\iTunes
2010-06-29 18:50 . 2008-02-01 07:35   --------   d-----w-   c:\program files\Common Files\Apple
2010-06-29 18:36 . 2010-01-28 19:04   --------   d-----w-   c:\program files\Safari
2010-06-29 18:26 . 2007-10-18 19:20   1076   ----a-w-   c:\windows\bthservsdp.dat
2010-06-27 20:36 . 2010-01-22 19:05   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-06-27 20:35 . 2010-01-22 19:05   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-25 06:44 . 2007-10-18 19:28   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-06-23 21:01 . 2010-03-10 19:38   952   --sha-w-   c:\windows\system32\KGyGaAvL.sys
2010-06-20 07:50 . 2008-02-11 03:53   --------   d-----w-   c:\program files\CCleaner
2010-06-20 00:15 . 2008-12-13 20:27   --------   d-----w-   c:\program files\McAfee
2010-06-11 17:53 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-06-05 16:59 . 2010-01-30 22:12   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-05-30 06:02 . 2010-05-30 06:02   388096   ----a-r-   c:\users\Jamie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-30 05:44 . 2010-02-06 02:39   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-05-29 16:09 . 2010-03-30 08:19   --------   d-----w-   c:\programdata\PMB Files
2010-05-29 05:06 . 2010-05-29 04:15   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-05-29 04:17 . 2010-05-29 04:15   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-05-28 21:08 . 2010-05-28 21:08   --------   d-----w-   c:\program files\Trend Micro
2010-05-26 17:06 . 2010-06-11 05:42   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 05:42   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-20 09:11 . 2010-05-14 06:24   304448   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxTray.exe
2010-05-18 23:35 . 2010-05-18 23:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-14 06:24 . 2010-05-14 06:24   230720   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxDvd.exe
2010-05-14 06:24 . 2010-05-13 23:09   410944   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxStarter.exe
2010-05-14 06:24 . 2010-05-13 22:21   169280   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2010-05-14 06:09 . 2010-05-14 06:09   1635648   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxClient.exe
2010-05-14 05:21 . 2010-05-14 05:21   365888   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2010-05-14 05:21 . 2010-05-14 05:21   140608   ----a-w-   c:\users\Jamie\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2010-05-08 17:00 . 2007-10-18 19:53   --------   d-----w-   c:\program files\Google
2010-05-04 05:59 . 2010-06-11 05:42   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 05:42   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 05:42   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 05:42   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-11 05:42   2037248   ----a-w-   c:\windows\system32\win32k.sys
2010-04-29 22:39 . 2010-02-06 02:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-02-06 02:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-04-24 23:02 . 2010-04-24 23:02   690952   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 14:13 . 2010-05-30 18:34   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 04:56   173056   ----a-w-   c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 04:56   458752   ----a-w-   c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 04:56   542720   ----a-w-   c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 04:56   2159616   ----a-w-   c:\windows\AppPatch\AcGenral.dll
2007-10-19 03:13 . 2007-10-19 03:06   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-30 2937528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Meebo Notifier"="c:\users\Jamie\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe" [2010-05-28 802504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-04-18 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-06-09 96800]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-14 198160]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Photo Album 7\CorelIOMonitor.exe" [2008-08-02 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe" [2008-08-02 481608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2006-6-5 21504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-18 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 22:51   177440   ----a-w-   c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33   141624   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />:65,3b,04,4b,3e,e3,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3735139638-2560936700-551537903-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c994b5daf4fd90;Google Update Service (gupdate1c994b5daf4fd90);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-30 835208]
R3 cpuz130;cpuz130;c:\users\Jamie\AppData\Local\Temp\cpuz130\cpuz_x32.sys
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-08-29 73728]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 06:21]

2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 06:21]

2010-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2010-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 19:22]

2010-07-06 c:\windows\Tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/p/3.html
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: k12.ca.us\parentconnect.luhsd
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: tenderfoot.com
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 21:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(8088)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
Completion time: 2010-07-05  21:42:10
ComboFix-quarantined-files.txt  2010-07-06 04:42
ComboFix2.txt  2010-05-30 18:34

Pre-Run: 67,996,798,976 bytes free
Post-Run: 67,780,800,512 bytes free

- - End Of File - - 238AEC911ACD8DF897CCFE70A4CD57CA
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 05, 2010, 11:53:58 PM
Are you still having problems?
How are things now running?
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 11, 2010, 02:23:08 PM
Sorry I waited so long for responding, I wanted to give it a few days to see how things were working. I really appreciate all of your help.There is still a little lag, kind of like something's sticking when opening files and programs on my hardrive and also on the net. Not sure if that is something to worry about or not, but just thought I'd mention it. /huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 11, 2010, 03:04:39 PM
Download DDS and save it to your desktop from [color="#FF0000"]here[/color] (http://"http://download.bleepingcomputer.com/sUBs/dds.scr")
Disable any script blocker, and then right  click  on dds.scr and choose to "Run as Admin"
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to this topic.
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 11, 2010, 03:44:54 PM
DDS (Ver_10-03-17.01) - NTFSx86  
Run by Jamie at 13:38:50.43 on Sun 07/11/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2044 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Jamie\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/p/3.html
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Meebo Notifier] "c:\users\jamie\appdata\local\meebo\meebo notifier\MeeboNotifier.exe" /startup
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Corel File Shell Monitor] c:\program files\corel\corel photo album 7\CorelIOMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Corel Photo Downloader] "c:\program files\corel\corel photo album 7\Corel Photo Downloader.exe" -startup
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
Trusted Zone: k12.ca.us\parentconnect.luhsd
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
Trusted Zone: tenderfoot.com
DPF: Photobucket Publisher - hxxp://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-13 214664]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-15 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-13 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-13 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-13 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-13 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-13 40552]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c994b5daf4fd90;Google Update Service (gupdate1c994b5daf4fd90);c:\program files\google\update\GoogleUpdate.exe [2009-2-21 133104]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-5 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-13 34248]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-07-10 21:48:32   647168   ----a-w-   c:\windows\system32\aestecap.dll
2010-07-10 21:48:32   1601536   ----a-w-   c:\windows\system32\stlang.dll
2010-07-10 21:48:32   131072   ----a-w-   c:\windows\system32\aestacap.dll
2010-07-10 21:48:32   102400   ----a-w-   c:\windows\system32\stacsv.exe
2010-07-10 21:48:31   4947968   ----a-w-   c:\windows\system32\stacgui.cpl
2010-07-10 21:44:55   330240   ----a-w-   c:\windows\system32\drivers\stwrt.sys
2010-07-10 21:44:54   595456   ----a-w-   c:\windows\system32\stapo.dll
2010-07-10 21:44:54   328704   ----a-w-   c:\windows\system32\stcplx.dll
2010-07-10 21:44:54   299520   ----a-w-   c:\windows\system32\stapi32.dll
2010-07-10 21:44:53   146944   ----a-w-   c:\windows\system32\st325614.dll
2010-07-09 23:28:42   116840   ----a-w-   c:\windows\hpqins00.dat
2010-07-09 23:20:52   0   d-----w-   c:\program files\HP
2010-07-09 23:17:42   0   d-----w-   c:\programdata\HP
2010-07-06 04:41:29   0   dcsh--w-   C:\$RECYCLE.BIN
2010-07-06 04:28:32   77312   ----a-w-   c:\windows\MBR.exe
2010-07-06 04:28:29   98816   ----a-w-   c:\windows\sed.exe
2010-07-06 04:28:29   256512   ----a-w-   c:\windows\PEV.exe
2010-07-06 04:28:29   161792   ----a-w-   c:\windows\SWREG.exe
2010-06-29 18:50:09   0   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-29 18:40:12   0   d-----w-   c:\program files\Bonjour
2010-06-29 17:23:07   0   d-----w-   c:\program files\common files\Motive
2010-06-29 17:23:02   0   d-----w-   c:\programdata\Motive
2010-06-23 10:00:24   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
2010-06-23 10:00:24   49472   ----a-w-   c:\windows\system32\netfxperf.dll
2010-06-23 10:00:24   297808   ----a-w-   c:\windows\system32\mscoree.dll
2010-06-23 10:00:24   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
2010-06-23 10:00:24   1130824   ----a-w-   c:\windows\system32\dfshim.dll
2010-06-23 04:56:46   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-23 04:56:46   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-06-13 06:17:19   0   d-----w-   c:\users\jamie\appdata\roaming\Meebo

==================== Find3M  ====================

2010-07-11 18:44:14   31871   ----a-w-   c:\programdata\nvModes.dat
2010-07-10 21:57:58   2979   ----a-w-   c:\windows\bthservsdp.dat
2010-07-10 21:48:05   51200   ----a-w-   c:\windows\inf\infpub.dat
2010-07-10 21:48:05   143360   ----a-w-   c:\windows\inf\infstrng.dat
2010-07-10 21:48:01   143360   ----a-w-   c:\windows\inf\infstor.dat
2010-07-04 07:12:42   4020   ----a-w-   c:\users\jamie\appdata\roaming\wklnhst.dat
2010-05-26 17:06:41   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-05-26 14:47:41   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-05-18 23:35:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
2010-05-18 23:35:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
2010-05-04 05:59:21   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55:42   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 05:55:42   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48   2037248   ----a-w-   c:\windows\system32\win32k.sys
2010-04-23 14:13:55   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-01-23 11:23:59   665600   ----a-w-   c:\windows\inf\drvindex.dat
2008-05-25 22:53:26   174   --sha-w-   c:\program files\desktop.ini
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02   30674   ----a-w-   c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02   287440   ----a-w-   c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21   287440   ----a-w-   c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19   30674   ----a-w-   c:\windows\inf\perflib\0000\perfc.dat
2010-03-18 23:40:11   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-18 23:40:11   16384   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-18 23:40:11   32768   --sha-w-   c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-18 16:37:31   245760   --sha-w-   c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-10-19 03:13:16   8192   --sha-w-   c:\windows\users\default\NTUSER.DAT

============= FINISH: 13:40:04.35 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/18/2007 12:20:45 PM
System Uptime: 7/10/2010 2:58:47 PM (23 hours ago)

Motherboard: Dell Inc. |  | 0UK437
Processor: Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 65.271 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 134.859 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 5.872 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0027
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0027
Service: tunnel

==== System Restore Points ===================

RP781: 7/8/2010 7:28:00 PM - Installed The Sims 3 Ambitions
RP782: 7/8/2010 7:29:21 PM - Installed The Sims 3
RP783: 7/9/2010 12:39:22 PM - Removed Apple Mobile Device Support
RP784: 7/9/2010 12:41:23 PM - Removed Apple Software Update
RP785: 7/9/2010 12:43:10 PM - Removed Apple Application Support
RP786: 7/9/2010 12:45:46 PM - Removed iTunes
RP787: 7/9/2010 12:50:12 PM - Removed Safari
RP788: 7/9/2010 4:21:02 PM - Device Driver Package Install: Hewlett-Packard IEEE 1284.4 compatible printer
RP789: 7/9/2010 4:21:36 PM - Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
RP790: 7/9/2010 4:30:59 PM - Installed 32 Bit HP CIO Components Installer
RP791: 7/9/2010 4:37:43 PM - Removed Apple Mobile Device Support
RP792: 7/9/2010 5:51:47 PM - Removed HP Update
RP793: 7/10/2010 2:45:47 PM - Device Driver Package Install: SigmaTel Sound, video and game controllers
RP795: 7/10/2010 2:49:30 PM - Configured SigmaTel Audio

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe® Photoshop® Album Starter Edition 3.2
AT&T Yahoo! Applications
Banctec Service Agreement
Bonjour
Broadcom Management Programs
CCleaner
CleanUp!
Conexant HDA D330 MDC V.92 Modem
Corel Clip Art
Corel Photo Album 7
Coupon Printer for Windows
Dell DataSafe Online
Dell Driver Download Manager
Dell System Customization Wizard
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
EA Download Manager
EA Download Manager UI
Facebook Plug-In
Futuremark SystemInfo
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.480
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jasc Paint Shop Photo Album 5
Java(TM) SE Runtime Environment 6
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MediaDirect
Meebo Notifier
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Modem Diagnostic Tool
Move Media Player
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
NVIDIA Drivers
OpenCASE Media Agent
OutlookAddinSetup
Pando Media Booster
Pixillion Image Converter
Product Documentation Launcher
QuickSet
QuickTime
RealPlayer
REALVIZ StitcherEZ ACD
SigmaTel Audio
Sims 3 Workshop
Smilebox
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Switch Sound File Converter
System Requirements Lab
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Create a Pattern Tool
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 World Adventures
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
URL Assistant
User's Guides
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Installer Clean Up
Windows Live OneCare safety scanner
WinRAR archiver
Yahoo! BrowserPlus 2.7.1

==== Event Viewer Messages From Past Week ========

7/9/2010 5:59:42 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the OpenCASE Media Agent service to connect.
7/9/2010 5:59:42 PM, Error: Service Control Manager [7000]  - The OpenCASE Media Agent service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/9/2010 5:59:09 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee SystemGuards service to connect.
7/9/2010 5:59:09 PM, Error: Service Control Manager [7000]  - The McAfee SystemGuards service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/9/2010 5:17:25 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Ts3 effects small - Notepad, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 5424. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 5:08:34 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Test Page, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 114932. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 5:03:36 PM, Error: Microsoft-Windows-PrintSpooler [6161]  - The document Test Page, owned by Jamie, failed to print on printer HP Photosmart 8200 Series. Try to print the document again, or restart the print spooler.  Data type: NT EMF 1.008. Size of the spool file in bytes: 114804. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\JAMIE-LAPTOP. Win32 error code returned by the print processor: 67. The network name cannot be found.
7/9/2010 4:39:30 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/9/2010 4:36:13 PM, Error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
7/8/2010 9:29:27 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
7/8/2010 10:37:50 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
7/5/2010 9:39:15 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
7/5/2010 9:31:08 PM, Error: Service Control Manager [7034]  - The Dell Wireless WLAN Tray Service service terminated unexpectedly.  It has done this 1 time(s).
7/5/2010 9:30:54 PM, Error: Service Control Manager [7034]  - The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
7/11/2010 11:43:54 AM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
7/11/2010 1:39:28 PM, Error: Service Control Manager [7031]  - The OpenCASE Media Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
7/10/2010 3:00:28 PM, Error: Service Control Manager [7000]  - The Automatic LiveUpdate Scheduler service failed to start due to the following error:  The system cannot find the file specified.

==== End Of File ===========================
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 11, 2010, 09:24:16 PM
Can you run a couple tools,
First, Please download TFC by Old Timer and save it to your desktop.
http://oldtimer.geekstogo.com/TFC.exe
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it.
NOTE: If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately.

Back in Windows
   1. Go to [color="#4169E1"]this page[/color] (http://"http://support.kaspersky.com/viruses/solutions?qid=208280684") and Download TDSSKiller.zip to your Desktop.
   2. Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
   3. Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

      "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

   4. If TDSSKiller alerts you that the system needs to reboot, please consent.
   5. When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Additionally, temporarily disasble your realtime protections with AntiVirus and Antispyware
then go to the following link
Go to the following link [color="#0000FF"]ESET Online Scanner[/color] (http://"http://www.eset.com/onlinescan/")[/url]
Note: You will need to use Internet Explorer for this scan
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 12, 2010, 12:50:54 AM
21:27:23:453 5920   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:27:23:453 5920   ================================================================================
21:27:23:453 5920   SystemInfo:

21:27:23:453 5920   OS Version: 6.0.6002 ServicePack: 2.0
21:27:23:453 5920   Product type: Workstation
21:27:23:453 5920   ComputerName: JAMIE-LAPTOP
21:27:23:453 5920   UserName: Jamie
21:27:23:453 5920   Windows directory: C:\Windows
21:27:23:453 5920   System windows directory: C:\Windows
21:27:23:453 5920   Processor architecture: Intel x86
21:27:23:453 5920   Number of processors: 2
21:27:23:453 5920   Page size: 0x1000
21:27:23:453 5920   Boot type: Normal boot
21:27:23:453 5920   ================================================================================
21:27:24:092 5920   Initialize success
21:27:24:092 5920   
21:27:24:092 5920   Scanning   Services ...
21:27:25:340 5920   Raw services enum returned 464 services
21:27:25:356 5920   
21:27:25:356 5920   Scanning   Drivers ...
21:27:26:853 5920   ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:27:26:994 5920   adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:27:27:197 5920   adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:27:27:493 5920   adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:27:27:696 5920   adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:27:27:961 5920   AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
21:27:28:179 5920   agp440          (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:27:28:382 5920   aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:27:28:601 5920   aliide          (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
21:27:28:772 5920   amdagp          (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:27:28:991 5920   amdide          (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
21:27:29:303 5920   AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:27:29:677 5920   AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:27:29:786 5920   ApfiltrService  (36ab14bfe3dcf3c848acd1e3810f9cda) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:27:30:005 5920   arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:27:30:395 5920   arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:27:30:691 5920   AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:30:894 5920   atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:27:31:190 5920   BCM43XX         (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:27:31:362 5920   bcm4sbxp        (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:27:31:674 5920   Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:27:31:877 5920   bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
21:27:31:986 5920   BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:27:32:033 5920   BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:27:32:048 5920   Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:27:32:079 5920   BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:27:32:126 5920   BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:27:32:173 5920   BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:27:32:235 5920   BthEnum         (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:27:32:282 5920   BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
21:27:32:579 5920   BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:27:33:000 5920   BTHPORT         (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
21:27:33:312 5920   BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
21:27:33:515 5920   btwaudio        (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys
21:27:33:733 5920   btwavdt         (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys
21:27:34:092 5920   btwrchid        (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys
21:27:34:872 5920   cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:27:34:997 5920   cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:27:35:059 5920   circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:27:35:153 5920   CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:27:35:574 5920   CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:27:35:683 5920   cmdide          (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
21:27:36:089 5920   Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:27:36:806 5920   crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:27:36:900 5920   Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:27:36:962 5920   DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
21:27:36:993 5920   disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:27:37:056 5920   drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:27:37:446 5920   DXGKrnl         (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
21:27:37:555 5920   e1express       (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
21:27:37:695 5920   E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:27:38:210 5920   Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:27:38:600 5920   elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:27:38:647 5920   ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
21:27:38:709 5920   exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:27:38:756 5920   fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:27:38:803 5920   fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:27:38:881 5920   FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:27:38:943 5920   Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:27:38:990 5920   flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:27:39:037 5920   FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:27:39:068 5920   Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:27:39:115 5920   gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:27:39:193 5920   GEARAspiWDM     (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:27:39:240 5920   HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:27:39:287 5920   HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:27:39:365 5920   HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
21:27:39:396 5920   HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:27:39:443 5920   HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:27:39:458 5920   HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:27:39:521 5920   HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:27:39:567 5920   HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:27:39:614 5920   HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:27:39:692 5920   i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:27:39:755 5920   i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:27:39:817 5920   iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
21:27:39:848 5920   iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:27:39:895 5920   iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:27:39:957 5920   intelide        (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
21:27:40:020 5920   intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:27:40:067 5920   IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:27:40:113 5920   IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:27:40:160 5920   IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:27:40:223 5920   IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:27:40:254 5920   isapnp          (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:27:40:301 5920   iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:27:40:347 5920   iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:27:40:379 5920   iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:27:40:425 5920   kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:27:40:488 5920   kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:27:40:550 5920   klmd23          (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys
21:27:40:581 5920   KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
21:27:40:613 5920   lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:27:40:659 5920   LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:27:40:691 5920   LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:27:40:722 5920   LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:27:40:753 5920   luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:27:40:800 5920   mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:27:40:847 5920   megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:27:40:893 5920   mfeavfk         (bafdd5e28baea99d7f4772af2f5ec7ee) C:\Windows\system32\drivers\mfeavfk.sys
21:27:40:940 5920   mfebopk         (1d003e3056a43d881597d6763e83b943) C:\Windows\system32\drivers\mfebopk.sys
21:27:41:034 5920   mfehidk         (3f138a1c8a0659f329f242d1e389b2cf) C:\Windows\system32\drivers\mfehidk.sys
21:27:41:081 5920   mferkdk         (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
21:27:41:112 5920   mfesmfk         (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
21:27:41:159 5920   Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:27:41:205 5920   monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:27:41:252 5920   mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:27:41:315 5920   mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:27:41:346 5920   MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:27:41:393 5920   MPFP            (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
21:27:41:439 5920   mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:27:41:502 5920   mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:27:41:517 5920   Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:27:41:642 5920   MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:27:41:705 5920   mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:27:41:720 5920   mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:27:41:767 5920   mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:27:41:814 5920   msahci          (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
21:27:41:829 5920   msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:27:41:892 5920   Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:27:41:939 5920   msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:27:41:985 5920   MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:27:42:048 5920   MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:27:42:110 5920   MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:27:42:157 5920   MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:27:42:204 5920   mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:27:42:235 5920   MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:27:42:297 5920   Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:27:42:344 5920   NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:27:42:375 5920   NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:27:42:438 5920   NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:27:42:469 5920   Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:27:42:531 5920   NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:27:42:594 5920   NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:27:42:641 5920   NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:27:42:703 5920   netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:27:42:734 5920   nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:27:42:797 5920   Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:27:42:859 5920   nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:27:42:953 5920   Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:27:42:984 5920   ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:27:43:031 5920   NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
21:27:43:077 5920   Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:27:43:421 5920   nvlddmkm        (8fe5350fa6a9f0b6633aee811c468954) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:27:43:577 5920   nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:27:43:623 5920   nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:27:43:655 5920   nv_agp          (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:27:43:717 5920   ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:27:43:748 5920   Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:27:43:795 5920   partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:27:43:811 5920   Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:27:43:842 5920   pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:27:43:857 5920   pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:27:43:904 5920   pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:27:43:967 5920   PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:27:44:045 5920   PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:27:44:060 5920   Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:27:44:107 5920   PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:27:44:138 5920   PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
21:27:44:185 5920   ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:27:44:216 5920   ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:27:44:247 5920   QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:27:44:341 5920   R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:27:44:388 5920   RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:27:44:450 5920   Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:44:497 5920   RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:44:559 5920   RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:27:44:591 5920   rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:27:44:637 5920   RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:27:44:700 5920   rdpdr           (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
21:27:44:747 5920   RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:27:44:793 5920   RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:27:44:825 5920   RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
21:27:44:856 5920   rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:27:44:903 5920   rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:27:44:965 5920   rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:27:45:043 5920   rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:27:45:074 5920   sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:27:45:137 5920   sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:27:45:183 5920   secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:27:45:230 5920   Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:27:45:277 5920   Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:27:45:324 5920   sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:27:45:402 5920   sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:27:45:449 5920   sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:27:45:480 5920   sffp_sd         (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:27:45:511 5920   sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:27:45:558 5920   sisagp          (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
21:27:45:620 5920   SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:27:45:667 5920   SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:27:45:729 5920   Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:27:45:776 5920   spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:27:45:823 5920   srv             (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
21:27:45:870 5920   srv2            (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
21:27:45:917 5920   srvnet          (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
21:27:45:995 5920   STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
21:27:46:057 5920   swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:27:46:119 5920   Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:27:46:135 5920   Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:27:46:166 5920   Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:27:46:229 5920   Tcpip           (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
21:27:46:307 5920   Tcpip6          (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys
21:27:46:385 5920   tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:27:46:463 5920   TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:27:46:509 5920   TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:27:46:572 5920   tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:27:46:619 5920   TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:27:46:681 5920   tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:27:46:743 5920   tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:27:46:775 5920   tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:27:46:821 5920   uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:27:46:884 5920   udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:27:46:931 5920   uliagpkx        (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
21:27:46:977 5920   uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:27:47:009 5920   UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:27:47:024 5920   ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:27:47:071 5920   umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:27:47:118 5920   usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:27:47:165 5920   usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:27:47:227 5920   usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
21:27:47:289 5920   usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:27:47:336 5920   usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:27:47:352 5920   usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:27:47:383 5920   usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:27:47:430 5920   usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:27:47:477 5920   USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:27:47:523 5920   usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:27:47:555 5920   vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:27:47:601 5920   VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:27:47:664 5920   viaagp          (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
21:27:47:726 5920   ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:27:47:789 5920   viaide          (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
21:27:47:851 5920   volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:27:47:898 5920   volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:27:47:945 5920   volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:27:47:991 5920   vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:27:48:007 5920   WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:27:48:069 5920   Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:27:48:069 5920   Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:27:48:116 5920   Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:27:48:194 5920   Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:27:48:303 5920   winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:27:48:366 5920   WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:27:48:428 5920   WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:27:48:475 5920   ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:27:48:537 5920   WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:48:600 5920   XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
21:27:48:600 5920   
21:27:48:600 5920   Completed
21:27:48:600 5920   
21:27:48:600 5920   Results:
21:27:48:600 5920   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
21:27:48:600 5920   File objects infected / cured / cured on reboot:   0 / 0 / 0
21:27:48:600 5920   
21:27:48:615 5920   KLMD(ARK) unloaded successfully



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8a2dc1eeb9650b4dac7a40e35906bb29
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-12 05:37:54
# local_time=2010-07-11 10:37:54 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 3742093 3742093 0 0
# compatibility_mode=5121 16776637 100 96 8678363 31742516 0 0
# compatibility_mode=5892 16776638 100 100 34069728 115516920 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 25 9 85653248 85653250 0 0
# scanned=145935
# found=0
# cleaned=0
# scan_time=3681
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 13, 2010, 04:19:34 PM
Everything is looking good, are you still experiencing lag?
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 13, 2010, 06:10:10 PM
Unfortunately, yes I am  /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 16, 2010, 10:23:36 PM
I see remnants of Symantecs in your log

Can you do the following
Download and save to desktop the NORTON REMOVAL TOOL (http://"http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html")

Right click on the removal tool and choose to "Run as Administrator"
Follow the prompts
Reboot the computer when prompted or after the tool has completed

Open OTL.exe and run a Quick Scan, post it's new log and keep me informed how things are now running
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 16, 2010, 11:02:13 PM
OTL logfile created on: 7/16/2010 8:58:03 PM - Run 3
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 64.10 Gb Free Space | 46.97% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 134.53 Gb Free Space | 90.26% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 5.87 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
Drive F: | 4.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: JAMIE-LAPTOP
Current User Name: Jamie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2010/03/30 01:19:07 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/02/14 02:14:54 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/01 21:29:20 | 000,037,888 | R--- | M] () -- C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/17 21:48:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/04/17 20:31:58 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/03 15:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/11/03 15:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/09/08 16:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2006/06/05 02:18:54 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/10/08 13:04:48 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (stllssvr)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/10/08 13:04:44 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/08/29 18:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Stopped] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/03/26 15:59:50 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 14:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/09 02:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/10/18 20:13:15 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/10/18 20:13:15 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/10/18 20:13:15 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/04/12 17:02:56 | 000,157,184 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/21 12:33:46 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 00:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 00:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 00:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 05:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/06 18:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 16:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 16:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 19:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 19:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 19:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/08/04 17:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/p/3.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2008/12/15 18:02:06 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010/05/30 11:24:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Photo Album 7\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 7\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Meebo Notifier] C:\Users\Jamie\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe (Meebo, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: k12.ca.us ([parentconnect.luhsd] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([pattta.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tenderfoot.com ([]http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} http://simcity.ea.com/update/EARTPX.cab (EARTPatchX Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab (MaxisSimCity4PatcherX Control)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Photobucket Publisher http://pic.photobucket.com/plugins/csve/photobucket_publisher.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/03/26 21:03:00 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{87666442-7dae-11dc-adf8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010/04/20 13:37:17 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/07/16 20:45:07 | 000,921,512 | ---- | C] (Symantec Corporation) -- C:\Users\Jamie\Desktop\Norton_Removal_Tool.exe
[2010/07/11 21:22:57 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Users\Jamie\Desktop\TDSSKiller.exe
[2010/07/11 21:10:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\TFC.exe
[2010/07/10 14:48:32 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/07/10 14:48:31 | 004,947,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacgui.cpl
[2010/07/10 14:44:55 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/07/10 14:44:54 | 000,595,456 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapo.dll
[2010/07/10 14:44:54 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/07/10 14:44:54 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/07/10 14:44:53 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st325614.dll
[2010/07/09 16:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/07/09 16:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/07/09 16:06:23 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\HP
[2010/07/05 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\temp
[2010/07/05 21:41:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/05 21:29:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/05 21:28:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/05 21:28:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/05 21:28:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/29 13:00:29 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/06/29 11:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/29 11:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/29 11:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/29 10:25:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Motive
[2010/06/29 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/29 10:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2010/06/27 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Custard
[2010/06/27 12:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\Sims 3 Dashboard Tool
[2010/06/25 10:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/23 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Updater5
[2010/06/23 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\wp-issuu
[2010/06/13 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\CC Archived
[2010/06/12 23:17:19 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Meebo
[2010/06/12 23:17:18 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Meebo
[2010/06/08 18:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Smilebox
[2010/06/08 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\My Smilebox Creations
[2010/06/08 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Smilebox
[2010/06/07 15:27:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\gtk-2.0
[2010/06/07 15:22:55 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.thumbnails
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\gegl-0.0
[2010/06/07 15:20:17 | 000,000,000 | ---D | C] -- C:\Users\Jamie\.gimp-2.6
[2010/06/02 10:49:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple
[2010/06/01 10:56:43 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Desktop\CC Packaged
[2010/05/30 11:02:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/30 10:52:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/30 10:52:30 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2010/05/29 14:01:06 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Apple Computer
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/28 21:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/28 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/27 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\gjqbrjexs
 
========== Files - Modified Within 90 Days ==========
 
[2010/07/16 20:59:44 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
[2010/07/16 20:58:43 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat
[2010/07/16 20:53:32 | 000,032,068 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010/07/16 20:52:55 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/07/16 20:52:24 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/07/16 20:52:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/16 20:52:08 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 20:52:07 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/16 20:52:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/16 20:52:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/16 20:51:02 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/07/16 20:50:28 | 000,524,288 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/16 20:50:28 | 000,065,536 | -HS- | M] () -- C:\Users\Jamie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/16 20:50:07 | 002,417,714 | -H-- | M] () -- C:\Users\Jamie\AppData\Local\IconCache.db
[2010/07/16 20:45:09 | 000,921,512 | ---- | M] (Symantec Corporation) -- C:\Users\Jamie\Desktop\Norton_Removal_Tool.exe
[2010/07/16 20:02:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/16 18:22:53 | 000,065,536 | ---- | M] () -- C:\Users\Jamie\Desktop\SAP Judging Forms.doc
[2010/07/16 18:16:07 | 000,004,120 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\wklnhst.dat
[2010/07/15 13:10:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/07/11 21:22:57 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Users\Jamie\Desktop\TDSSKiller.exe
[2010/07/11 21:10:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\TFC.exe
[2010/07/11 13:11:19 | 000,525,824 | ---- | M] () -- C:\Users\Jamie\Desktop\dds.scr
[2010/07/09 18:07:53 | 000,002,523 | ---- | M] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/07/09 18:03:46 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/09 18:03:46 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/09 18:03:46 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/09 16:30:15 | 000,116,840 | ---- | M] () -- C:\Windows\hpqins00.dat
[2010/07/05 21:39:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/05 21:26:27 | 003,726,382 | R--- | M] () -- C:\Users\Jamie\Desktop\ComboFix.exe
[2010/07/01 10:30:40 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/06/27 02:05:01 | 000,047,616 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Brody.wps
[2010/06/24 23:44:42 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/23 14:01:15 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/06/22 20:23:01 | 000,128,281 | ---- | M] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/20 00:50:57 | 000,001,672 | ---- | M] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/06/12 23:17:19 | 000,001,070 | ---- | M] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/12 03:18:16 | 000,022,528 | ---- | M] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/11 10:55:35 | 000,324,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/08 19:05:20 | 000,150,895 | ---- | M] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | M] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/05 13:59:45 | 000,094,208 | ---- | M] () -- C:\Users\Jamie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/01 11:38:22 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/30 11:24:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/30 00:46:48 | 000,000,048 | ---- | M] () -- C:\config.ini
[2010/05/29 14:01:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2010/05/29 09:10:08 | 004,194,304 | -HS- | M] () -- C:\Users\Jamie\ntuser.dat_previous
[2010/05/27 21:55:53 | 000,011,776 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/18 01:27:16 | 000,009,728 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/13 02:05:10 | 000,013,312 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/24 22:59:04 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/04/22 00:23:57 | 000,009,728 | ---- | M] () -- C:\Users\Jamie\Documents\SAP Role Play Advertise Me.wps
 
========== Files Created - No Company Name ==========
 
[2010/07/16 18:22:53 | 000,065,536 | ---- | C] () -- C:\Users\Jamie\Desktop\SAP Judging Forms.doc
[2010/07/11 13:11:17 | 000,525,824 | ---- | C] () -- C:\Users\Jamie\Desktop\dds.scr
[2010/07/09 16:28:42 | 000,116,840 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/07/09 16:06:48 | 000,004,559 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/07/05 21:28:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/05 21:28:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/05 21:28:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/05 21:28:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/05 21:28:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/05 21:26:20 | 003,726,382 | R--- | C] () -- C:\Users\Jamie\Desktop\ComboFix.exe
[2010/06/24 23:44:42 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Create a Pattern Tool.lnk
[2010/06/23 00:22:28 | 000,128,281 | ---- | C] () -- C:\Users\Jamie\Desktop\Simatography Cover.jpg
[2010/06/12 23:17:19 | 000,001,070 | ---- | C] () -- C:\Users\Jamie\Desktop\Meebo Notifier.lnk
[2010/06/11 23:18:46 | 000,022,528 | ---- | C] () -- C:\Users\Jamie\Documents\Meet Jane.wps
[2010/06/08 19:05:20 | 000,150,895 | ---- | C] () -- C:\Users\Jamie\Desktop\RunwayMid-1.jpg
[2010/06/08 18:15:42 | 000,001,818 | ---- | C] () -- C:\Users\Jamie\Desktop\Smilebox.lnk
[2010/06/08 17:49:46 | 000,001,535 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/01 11:38:22 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2010/05/30 10:54:01 | 000,000,392 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
[2010/05/30 00:46:48 | 000,000,048 | ---- | C] () -- C:\config.ini
[2010/05/29 23:02:55 | 000,002,523 | ---- | C] () -- C:\Users\Jamie\Desktop\HiJackThis.lnk
[2010/05/27 12:37:11 | 000,011,776 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Finale.wps
[2010/05/18 01:27:16 | 000,009,728 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Beach Bum.wps
[2010/05/13 02:05:10 | 000,013,312 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Kid at heart.wps
[2010/05/08 10:01:08 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/04 23:32:35 | 000,012,800 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Role Play Date Night.wps
[2010/05/01 10:42:31 | 000,001,672 | ---- | C] () -- C:\Users\Jamie\Desktop\CCleaner.lnk
[2010/04/27 19:30:29 | 003,761,255 | ---- | C] () -- C:\Users\Jamie\Desktop\CX-hair_peggyzone_hairmesh05399_fx7.package
[2010/04/24 22:59:04 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
[2010/04/22 00:23:56 | 000,009,728 | ---- | C] () -- C:\Users\Jamie\Documents\SAP Role Play Advertise Me.wps
[2010/03/10 12:38:01 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/02/14 02:16:27 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/07/02 14:44:59 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor31.INI
[2009/06/01 21:21:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2009/01/03 14:00:40 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2007/12/24 14:52:37 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/18 20:13:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/10/18 12:34:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/03 15:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2005/09/15 15:40:22 | 000,160,768 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009/03/31 15:10:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\ACD Systems
[2008/04/27 01:56:25 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\CrystalSpace
[2007/12/24 15:15:14 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\DataSafeOnline
[2008/12/11 14:50:05 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\EPSON
[2010/03/07 13:53:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Facebook
[2008/11/21 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\GARMIN
[2010/06/08 17:49:46 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\gtk-2.0
[2008/07/15 13:50:24 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Leadertech
[2010/06/12 23:17:25 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Meebo
[2009/06/17 16:14:05 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\NCH Swift Sound
[2010/01/22 12:21:40 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\NVD
[2008/02/10 11:23:20 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\PeerNetworking
[2010/07/12 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Smilebox
[2010/01/28 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\SoftGrid Client
[2007/12/11 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Template
[2009/05/27 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\Tenderfoot Games
[2010/01/22 12:21:37 | 000,000,000 | ---D | M] -- C:\Users\Jamie\AppData\Roaming\TP
[2010/07/15 13:10:03 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/01 10:30:40 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/07/16 20:51:02 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/16 20:59:44 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1D67BDAF-0B02-4334-907D-49C1F9885BDF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\TS-L632H_D300[1]:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Jamie\Documents\A103[1]:Roxio EMC Stream
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2DAD076E
< End of report >
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 16, 2010, 11:23:03 PM
Quote
Open OTL.exe and run a Quick Scan, post it's new log and keep me informed how things are now running
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: jme on July 17, 2010, 12:11:51 AM
Oh my goodness, I'm so sorry I posted the log, but not how things are running, lol.....der. I noticed a huge difference! Who knew that something left over from Norton would cause that lag  /blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Thanks a heap Guestolo for all of your help and sticking with me until all of my issues were resolved.......you truly are a special person for helping complete strangers with their computer issues.  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Title: Possible FakeAlert-FakeSpy.a Trojan
Post by: guestolo on July 17, 2010, 12:26:38 AM
Ensure that you still have a copy of ComboFix on your desktop
Then let's properly
Remove Combofix now that we're done with it.In addition, let's remove OTL.exe
Right click on OTL.exe and choose to "Run as Admin"
When open, choose the CLEANUP option, follow the prompts and reboot if you are prompted

I'll lock this topic in a couple days if you have no further problems or questions