GMER found rootkit activity. Concerned.

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

Hi. No attachments please. The sticky thread does say to copy/paste BOTH DDS logs :).

Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

Thanks for responding.
No reboot was required. Here are the contents of that file:

2011/06/04 21:34:41.0504 1284 TDSS 2011/06/04 21:34:43.0517 1284 ====== 2011/06/04 21:34:43.0517 1284 SystemInfo:
2011/06/04 21:34:43.0517 1284 OS 2011/06/04 21:34:43.0517 1284 Product 2011/06/04 21:34:43.0517 1284 ComputerName: 2011/06/04 21:34:43.0517 1284 UserName: 2011/06/04 21:34:43.0517 1284 Windows 2011/06/04 21:34:43.0517 1284 System 2011/06/04 21:34:43.0517 1284 Processor 2011/06/04 21:34:43.0517 1284 Number 2011/06/04 21:34:43.0517 1284 Page 2011/06/04 21:34:43.0517 1284 Boot 2011/06/04 21:34:43.0517 1284 ====== 2011/06/04 21:34:49.0656 1284 Initialize 2011/06/04 21:35:35.0292 2508 ====== 2011/06/04 21:35:35.0292 2508 Scan 2011/06/04 21:35:35.0292 2508 Mode: 2011/06/04 21:35:35.0292 2508 ====== 2011/06/04 21:35:36.0744 2508 ac97intc 2011/06/04 21:35:37.0054 2508 ACPI 2011/06/04 21:35:37.0275 2508 ACPIEC 2011/06/04 21:35:37.0755 2508 aec 2011/06/04 21:35:38.0026 2508 AFD 2011/06/04 21:35:38.0436 2508 agp440 2011/06/04 21:35:41.0200 2508 Aspi32 2011/06/04 21:35:41.0461 2508 AsyncMac 2011/06/04 21:35:41.0701 2508 atapi 2011/06/04 21:35:42.0342 2508 ati2mtaa 2011/06/04 21:35:42.0582 2508 Atmarpc 2011/06/04 21:35:42.0883 2508 audstub 2011/06/04 21:35:43.0083 2508 avgio 2011/06/04 21:35:43.0514 2508 avgntflt 2011/06/04 21:35:43.0874 2508 avipbb 2011/06/04 21:35:44.0165 2508 Beep 2011/06/04 21:35:44.0385 2508 cbidf2k 2011/06/04 21:35:44.0595 2508 CCDECODE 2011/06/04 21:35:45.0036 2508 Cdaudio 2011/06/04 21:35:45.0276 2508 Cdfs 2011/06/04 21:35:45.0507 2508 Cdr4_2K 2011/06/04 21:35:45.0737 2508 Cdralw2k 2011/06/04 21:35:45.0997 2508 Cdrom 2011/06/04 21:35:46.0338 2508 cfwids 2011/06/04 21:35:46.0838 2508 CLBStor 2011/06/04 21:35:48.0341 2508 Disk 2011/06/04 21:35:48.0581 2508 dmboot 2011/06/04 21:35:48.0931 2508 dmio 2011/06/04 21:35:49.0122 2508 dmload 2011/06/04 21:35:49.0412 2508 DMusic 2011/06/04 21:35:49.0943 2508 drmkaud 2011/06/04 21:35:50.0303 2508 E100B 2011/06/04 21:35:50.0634 2508 Fastfat 2011/06/04 21:35:50.0854 2508 Fdc 2011/06/04 21:35:51.0105 2508 Fips 2011/06/04 21:35:51.0395 2508 Flpydisk 2011/06/04 21:35:51.0735 2508 FltMgr 2011/06/04 21:35:51.0946 2508 Fs_Rec 2011/06/04 21:35:52.0156 2508 Ftdisk 2011/06/04 21:35:52.0426 2508 gameenum 2011/06/04 21:35:52.0727 2508 Gpc 2011/06/04 21:35:53.0047 2508 HidUsb 2011/06/04 21:35:53.0638 2508 HTTP 2011/06/04 21:35:54.0459 2508 i8042prt 2011/06/04 21:35:54.0770 2508 ICAM3NT5 2011/06/04 21:35:55.0120 2508 Imapi 2011/06/04 21:35:55.0711 2508 IntelIde 2011/06/04 21:35:55.0992 2508 Ip6Fw 2011/06/04 21:35:56.0182 2508 IpFilterDriver 2011/06/04 21:35:56.0442 2508 IpInIp 2011/06/04 21:35:56.0673 2508 IpNat 2011/06/04 21:35:56.0953 2508 IPSec 2011/06/04 21:35:57.0143 2508 IRENUM 2011/06/04 21:35:57.0414 2508 isapnp 2011/06/04 21:35:57.0744 2508 Kbdclass 2011/06/04 21:35:57.0994 2508 kmixer 2011/06/04 21:35:58.0345 2508 KSecDD 2011/06/04 21:35:58.0966 2508 ltmodem5 2011/06/04 21:35:59.0216 2508 MBAMProtector 2011/06/04 21:35:59.0657 2508 mfeapfk 2011/06/04 21:35:59.0847 2508 mfeavfk 2011/06/04 21:36:00.0308 2508 mfebopk 2011/06/04 21:36:00.0648 2508 mfefirek 2011/06/04 21:36:00.0919 2508 mfehidk 2011/06/04 21:36:01.0309 2508 mfendisk 2011/06/04 21:36:01.0479 2508 mfendiskmp 2011/06/04 21:36:01.0700 2508 mferkdet 2011/06/04 21:36:01.0960 2508 mfetdi2k 2011/06/04 21:36:02.0261 2508 mnmdd 2011/06/04 21:36:02.0551 2508 Modem 2011/06/04 21:36:02.0831 2508 MODEMCSA 2011/06/04 21:36:03.0022 2508 Mouclass 2011/06/04 21:36:03.0302 2508 mouhid 2011/06/04 21:36:03.0502 2508 MountMgr 2011/06/04 21:36:04.0053 2508 MRxDAV 2011/06/04 21:36:04.0334 2508 MRxSmb 2011/06/04 21:36:04.0594 2508 Msfs 2011/06/04 21:36:04.0894 2508 MSKSSRV 2011/06/04 21:36:05.0145 2508 MSPCLOCK 2011/06/04 21:36:05.0385 2508 MSPQM 2011/06/04 21:36:05.0696 2508 mssmbios 2011/06/04 21:36:05.0896 2508 MSTEE 2011/06/04 21:36:06.0176 2508 ms_mpu401 2011/06/04 21:36:06.0457 2508 Mup 2011/06/04 21:36:06.0677 2508 NABTSFEC 2011/06/04 21:36:06.0897 2508 NDIS 2011/06/04 21:36:07.0198 2508 NdisIP 2011/06/04 21:36:07.0428 2508 NdisTapi 2011/06/04 21:36:07.0668 2508 Ndisuio 2011/06/04 21:36:07.0859 2508 NdisWan 2011/06/04 21:36:08.0219 2508 NDProxy 2011/06/04 21:36:08.0490 2508 NetBIOS 2011/06/04 21:36:08.0790 2508 NetBT 2011/06/04 21:36:09.0050 2508 Npfs 2011/06/04 21:36:09.0331 2508 Ntfs 2011/06/04 21:36:09.0571 2508 Null 2011/06/04 21:36:09.0761 2508 NwlnkFlt 2011/06/04 21:36:09.0932 2508 NwlnkFwd 2011/06/04 21:36:10.0142 2508 P3 2011/06/04 21:36:10.0332 2508 Parport 2011/06/04 21:36:10.0623 2508 PartMgr 2011/06/04 21:36:10.0803 2508 ParVdm 2011/06/04 21:36:10.0993 2508 PCI 2011/06/04 21:36:11.0774 2508 Pcmcia 2011/06/04 21:36:13.0697 2508 PptpMiniport 2011/06/04 21:36:13.0957 2508 PSched 2011/06/04 21:36:14.0148 2508 Ptilink 2011/06/04 21:36:15.0600 2508 RasAcd 2011/06/04 21:36:15.0880 2508 Rasl2tp 2011/06/04 21:36:16.0151 2508 RasPppoe 2011/06/04 21:36:16.0351 2508 Raspti 2011/06/04 21:36:16.0651 2508 Rdbss 2011/06/04 21:36:16.0862 2508 RDPCDD 2011/06/04 21:36:17.0172 2508 rdpdr 2011/06/04 21:36:17.0482 2508 RDPWD 2011/06/04 21:36:17.0773 2508 redbook 2011/06/04 21:36:18.0133 2508 Secdrv 2011/06/04 21:36:18.0444 2508 serenum 2011/06/04 21:36:18.0654 2508 Serial 2011/06/04 21:36:18.0925 2508 Sfloppy 2011/06/04 21:36:19.0455 2508 SLIP 2011/06/04 21:36:19.0806 2508 smwdm 2011/06/04 21:36:20.0457 2508 splitter 2011/06/04 21:36:20.0717 2508 sr 2011/06/04 21:36:21.0088 2508 Srv 2011/06/04 21:36:21.0478 2508 ssmdrv 2011/06/04 21:36:21.0669 2508 StillCam 2011/06/04 21:36:21.0939 2508 streamip 2011/06/04 21:36:22.0199 2508 swenum 2011/06/04 21:36:22.0480 2508 swmidi 2011/06/04 21:36:23.0872 2508 sysaudio 2011/06/04 21:36:24.0092 2508 Tcpip 2011/06/04 21:36:24.0432 2508 TDPIPE 2011/06/04 21:36:24.0613 2508 TDTCP 2011/06/04 21:36:24.0833 2508 TermDD 2011/06/04 21:36:25.0354 2508 Udfs 2011/06/04 21:36:25.0925 2508 Update 2011/06/04 21:36:26.0265 2508 usbehci 2011/06/04 21:36:26.0475 2508 usbhub 2011/06/04 21:36:26.0696 2508 usbohci 2011/06/04 21:36:26.0966 2508 usbprint 2011/06/04 21:36:27.0136 2508 usbscan 2011/06/04 21:36:27.0377 2508 USBSTOR 2011/06/04 21:36:27.0567 2508 usbuhci 2011/06/04 21:36:27.0928 2508 USRpdA 2011/06/04 21:36:28.0158 2508 VgaSave 2011/06/04 21:36:28.0639 2508 VolSnap 2011/06/04 21:36:28.0919 2508 Wanarp 2011/06/04 21:36:29.0420 2508 wdmaud 2011/06/04 21:36:29.0890 2508 WSTCODEC 2011/06/04 21:36:30.0071 2508 MBR (0x1B8) 2011/06/04 21:36:30.0241 2508 ====== 2011/06/04 21:36:30.0241 2508 Scan 2011/06/04 21:36:30.0241 2508 ====== 2011/06/04 21:36:30.0321 3244 Detected 2011/06/04 21:36:30.0321 3244 Actual rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
==========================================================================
/> Version: 5.1.2600 ServicePack: 3.0
type: Workstation
US-473DF7392ED3
Timothy Rock
directory: C:\WINDOWS
windows directory: C:\WINDOWS
architecture: Intel x86
of processors: 1
size: 0x1000
type: Normal boot
==========================================================================
success
==========================================================================
started
Manual;
==========================================================================
(0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
(8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
(9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
(8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
(7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
(08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
(20d04091eba710f6988f710507d85868) C:\WINDOWS\system32\drivers\Aspi32.sys
(b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
(9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
(27bab72eae141d0ce39ec65c0fdeb2d6) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
(9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
(d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
(0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
(47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
(5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
(da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
(90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
(0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
(c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
(c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
(2a64bac090d81b59bdc2e803b69564ea) C:\WINDOWS\system32\drivers\Cdr4_2K.sys
(2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
(1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
(ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys
(fa235030403b63c5c8d65584356811ee) C:\WINDOWS\system32\drivers\CLBStor.sys
(044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
(d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
(7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
(e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
(8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
(8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
(7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
(38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
(92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
(d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
(9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
(b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
(3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
(6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
(065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
(0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
(ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
(f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
(4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
(673962b31666f877c283a81392eab199) C:\WINDOWS\system32\Drivers\ICAM3D2.SYS
(083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
(b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
(3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
(731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
(b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
(cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
(23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
(c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
(05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
(463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
(692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
(b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
(9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
(3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
(688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
(693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys
(52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys
(e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys
(44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
(8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
(8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
(5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys
(8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys
(4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
(dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
(1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
(35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
(b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
(a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
(11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
(0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
(c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
(d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
(325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
(bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
(af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
(e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
(ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
(2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
(5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
(1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
(7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
(1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
(f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
(edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
(9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
(5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
(74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
(3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
(78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
(73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
(b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
(c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
(c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
(5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
(beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
(70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
(a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
(9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
(efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
(09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
(80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
(fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
(11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
(5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
(7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
(4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
(15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
(6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
(f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
(90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
(0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
(cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
(8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
(866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
(b911c822922cf62df83ad36d5c9775cc) C:\WINDOWS\system32\drivers\smwdm.sys
(ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
(76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
(47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
(a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
(a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
(77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
(3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
(8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
(8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
(9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
(6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
(c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
(88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
(5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
(402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
(65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
(1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
(0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
(a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
(a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
(a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
(26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
(497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
(4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
(e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
(6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
(c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
(8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
==========================================================================
finished
==========================================================================
object count: 0
detected object count: 0

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

Done. Here are, in order, OTL.txt and Extras.txt:

OTL logfile created on: 6/4/2011 11:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Timothy Rock\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 284.05 Mb Available Physical Memory | 55.55% Memory free
992.63 Mb Paging File | 386.88 Mb Available in Paging File | 38.98% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.62 Gb Total Space | 16.03 Gb Free Space | 56.00% Space Free | Partition Type: FAT32

Computer Name: US-473DF7392ED3 | User Name: Timothy Rock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/02 15:08:30 | 001,191,368 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2011/03/28 16:15:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/12 03:01:32 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe
PRC - [2004/08/04 12:00:00 | 000,077,891 | ---- | M] (U.S. Robotics Corporation) -- C:\WINDOWS\SYSTEM32\usrmlnka.exe
PRC - [2004/08/04 12:00:00 | 000,069,700 | ---- | M] ( U.S. Robotics Corporation) -- C:\WINDOWS\SYSTEM32\usrshuta.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/09/26 22:39:42 | 000,245,760 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\atiptaxx.exe
PRC - [1998/07/25 00:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\REMINDER.EXE

========== Modules (SafeList) ==========

MOD - [2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SeaPort)
SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/28 16:15:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/04/01 17:08:00 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:08:00 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/02/13 18:42:26 | 000,052,464 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2006/10/18 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/31 16:03:10 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/12/03 11:57:22 | 000,145,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ICAM3D2.SYS -- (ICAM3NT5) Intel(r)
DRV - [2001/09/26 21:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myplace.frontier.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email]jqs@sun.com[/email]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/03/06 20:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 18:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 13:44:34 | 000,000,000 | ---D | M]

[2009/10/28 13:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Extensions
[2009/10/28 13:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Firefox\Profiles\4dmv5nm8.default\extensions
[2011/06/02 15:38:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Firefox\Profiles\4dmv5nm8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/28 13:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/22 17:43:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/01 14:58:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110601213430.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [USRpdA] File not found
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - HKCU..\Run: [Reminder] C:\Program Files\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165715432573 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://66.192.44.240/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/05 18:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/06/04 23:48:36 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
[2011/06/04 21:33:51 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Timothy Rock\Desktop\TDSSKiller.exe
[2011/06/04 15:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/04 13:49:44 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2011/06/03 19:31:11 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Timothy Rock\Desktop\dds.scr
[2011/06/03 14:32:10 | 007,286,791 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\stinger10101629.exe
[2011/06/02 20:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Timothy Rock\Application Data\Avira
[2011/06/02 20:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/02 20:07:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/02 20:07:00 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/02 20:06:59 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/02 20:06:59 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/02 20:06:59 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/02 20:06:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/02 20:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/28 15:41:14 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011/05/08 12:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[6 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Timothy Rock\My Documents\*.tmp files -> C:\Documents and Settings\Timothy Rock\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
[2011/06/04 21:31:56 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\tdsskiller.zip
[2011/06/04 15:22:22 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/04 15:21:08 | 000,013,732 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/04 15:20:44 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/04 15:20:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/04 15:19:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 19:31:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\uk9essxp.exe
[2011/06/03 19:31:12 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Timothy Rock\Desktop\dds.scr
[2011/06/03 18:51:20 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\stinger10101629.opt
[2011/06/03 14:32:48 | 007,286,791 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\stinger10101629.exe
[2011/06/02 20:07:58 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/02 16:51:34 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 07:10:00 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Timothy Rock\Desktop\TDSSKiller.exe
[2011/05/18 13:32:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 21:31:26 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\Microsoft Word.lnk
[2011/05/14 20:43:48 | 000,001,390 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\Calculator.lnk
[2011/05/08 12:32:10 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[6 C:\*.tmp files -> C:\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Timothy Rock\My Documents\*.tmp files -> C:\Documents and Settings\Timothy Rock\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 21:31:56 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Desktop\tdsskiller.zip
[2011/06/04 15:22:07 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/03 19:31:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Desktop\uk9essxp.exe
[2011/06/03 18:51:19 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\stinger10101629.opt
[2011/06/02 20:07:55 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/05/08 12:32:07 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/15 22:43:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 20:10:16 | 000,016,847 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2009/09/23 14:37:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/13 22:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2008/10/13 19:47:52 | 000,016,980 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2008/10/13 19:47:52 | 000,000,147 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2008/07/29 22:09:36 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/07/29 22:09:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2008/05/05 18:06:21 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/13 18:42:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2008/02/11 20:28:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/09/09 20:09:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/04/11 19:33:33 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\kodakpcd.ini
[2007/03/12 01:29:12 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/02/02 21:26:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/02 20:49:54 | 000,000,201 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/10 21:35:38 | 000,000,733 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/07 21:57:14 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\REGTLIB.EXE
[2006/05/03 20:33:47 | 000,000,269 | -H-- | C] () -- C:\Documents and Settings\Timothy Rock\Application Data\hpothb07.tif
[2006/05/03 20:33:47 | 000,000,199 | -H-- | C] () -- C:\Documents and Settings\Timothy Rock\Application Data\hpothb07.dat
[2006/02/27 17:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/02/20 20:58:36 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/02/18 17:10:06 | 000,000,422 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/05 20:39:50 | 000,001,003 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/05 19:35:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/05 19:20:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/05 19:08:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/05 19:07:23 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/05 18:49:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/05 18:49:12 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/05 18:49:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/05 18:49:12 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/05 18:49:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/05 18:49:03 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/05 18:48:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/05 18:48:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/05 18:48:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/05 18:48:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/05 18:47:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/05 18:46:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/05 18:38:57 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/02/18 17:40:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/09/26 20:23:00 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/26 20:22:48 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/26 20:22:40 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/26 20:22:34 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/26 20:22:28 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/26 20:22:04 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/26 20:21:00 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/26 20:20:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2000/11/30 12:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

========== LOP Check ==========

[2007/03/12 00:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/09 18:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/02/05 22:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\MSNInstaller
[2007/01/27 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\OfficeUpdate12
[2007/02/02 21:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\MyFamily.com
[2008/11/13 22:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\Opera
[2009/10/12 02:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\PolyView
[2011/06/04 15:20:44 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/06/04 15:20:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/25 12:23:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/25 12:23:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\dllcache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/25 12:23:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/25 12:23:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\dllcache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\dllcache\eventlog.dll
[2008/04/13 20:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\dllcache\netlogon.dll
[2008/04/13 20:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\dllcache\scecli.dll
[2008/04/13 20:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:52 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2006/02/05 19:06:34 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav
[2006/02/05 19:06:36 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2006/02/05 19:06:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav

< End of report >

_________________________________________________________

OTL Extras logfile created on: 6/4/2011 11:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Timothy Rock\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 284.05 Mb Available Physical Memory | 55.55% Memory free
992.63 Mb Paging File | 386.88 Mb Available in Paging File | 38.98% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.62 Gb Total Space | 16.03 Gb Free Space | 56.00% Space Free | Partition Type: FAT32

Computer Name: US-473DF7392ED3 | User Name: Timothy Rock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat
"C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = MediaNow CD & DVD Burning Suite
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6CC93102-135E-49E2-99A4-C431E671C12A}" = HP Photo and Imaging 2.0 - Scanners
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D0E604A0-5C90-4212-88B5-2AFCFF134FB5}" = MSN Toolbar
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = PowerDVD Copy 1.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Hoyle Solitaire & Mah Jong Tiles" = Hoyle Solitaire & Mah Jong Tiles
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSC" = McAfee AntiVirus Plus
"MSMONEYV70" = Microsoft Money 99
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2011 2:19:53 PM | Computer Name = US-473DF7392ED3 | Source = Application Hang | ID = 1002
Description = Hanging application mcagent.exe, version 11.0.554.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 3:07:40 PM | Computer Name = US-473DF7392ED3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 3:23:37 PM | Computer Name = US-473DF7392ED3 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2148 (0x864) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.333
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Adobe\Reader
9.0\Reader\AcroRd32.exe by C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/4/2011 3:26:30 PM | Computer Name = US-473DF7392ED3 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2748 (0xabc) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.4.0.333
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Common
Files\McAfee\SystemCore\mfebopa.dll by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/4/2011 3:33:43 PM | Computer Name = US-473DF7392ED3 | Source = Application Hang | ID = 1002
Description = Hanging application mcagent.exe, version 11.0.554.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 3:36:30 PM | Computer Name = US-473DF7392ED3 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 6/4/2011 3:50:23 PM | Computer Name = US-473DF7392ED3 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 6/4/2011 4:26:24 PM | Computer Name = US-473DF7392ED3 | Source = VSS | ID = 4001
Description = Volume Shadow Copy Service error: Cannot find diff areas for creating
shadow copies. Please add at least one NTFS drive to the system with enough free
space. The free space needed is at least 100 Mb for each volume to be backed up/shadowed.

Error - 6/4/2011 5:41:28 PM | Computer Name = US-473DF7392ED3 | Source = Application Hang | ID = 1002
Description = Hanging application mcagent.exe, version 11.0.554.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 5:41:38 PM | Computer Name = US-473DF7392ED3 | Source = Application Hang | ID = 1001
Description = Fault bucket -1863599371.

[ System Events ]
Error - 6/4/2011 7:02:41 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:04:42 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:06:43 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:08:44 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:10:45 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:12:47 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:14:48 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 7:16:49 PM | Computer Name = US-473DF7392ED3 | Source = DCOM | ID = 10010
Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
with DCOM within the required timeout.

Error - 6/4/2011 11:54:59 PM | Computer Name = US-473DF7392ED3 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 6/4/2011 11:55:00 PM | Computer Name = US-473DF7392ED3 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

< End of report >

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

You need to uninstall one of the AV's that you have, or disable one from starting with Windows as there will be a conflict between them.

Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - File not found

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4 - HKLM..\Run: [Microsoft Default Manager] File not found

O4 - HKLM..\Run: [USRpdA] File not found

O4 - HKCU..\Run: [Power2GoExpress] File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

:Commands

[purity]

[emptyflash]

[emptytemp]

[resethosts]

[Reboot]

Then click theRun Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post log from this run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

Drat! I pasted your copy into OTL. And, because *I didn't see the last sentences of your post*, clicked the "run scan" button mistakenly.

Should I just put in the same copy and click the "Run Fix" button this time? Then, allow to run, and continue the procedure you gave (reboot when done, post log from that run, open OTL again and click the quick scan button, post the log)...?
I'm sorry I was confused.

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

Yeah, just repeat the steps please.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

Steps were repeated. Here is the log. Thanks for the guidance.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Default Manager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\USRpdA deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Default User

User: All Users

User: NetworkService

User: LocalService
->Flash cache emptied: 618 bytes

User: Timothy Rock
->Flash cache emptied: 790 bytes

User: fritzycooks
->Flash cache emptied: 487 bytes

User: Administrator

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Timothy Rock
->Temp folder emptied: 729906 bytes
->Temporary Internet Files folder emptied: 10569703 bytes
->Java cache emptied: 59452865 bytes
->FireFox cache emptied: 56893936 bytes
->Opera cache emptied: 22567554 bytes
->Flash cache emptied: 0 bytes

User: fritzycooks
->Temp folder emptied: 266528277 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 3736858 bytes
->FireFox cache emptied: 93043080 bytes
->Opera cache emptied: 982775 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39016194 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
RecycleBin emptied: 18911552 bytes

Total Files Cleaned = 548.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06052011_022233

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

And here is the log file from the Quick Scan...

OTL logfile created on: 6/5/2011 2:33:37 AM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Timothy Rock\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 205.27 Mb Available Physical Memory | 40.15% Memory free
994.64 Mb Paging File | 653.16 Mb Available in Paging File | 65.67% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 28.62 Gb Total Space | 16.80 Gb Free Space | 58.70% Space Free | Partition Type: FAT32

Computer Name: US-473DF7392ED3 | User Name: Timothy Rock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/02 15:09:18 | 001,306,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/12 03:01:32 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe
PRC - [2002/04/17 10:49:16 | 000,077,824 | ---- | M] () -- c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 10:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
PRC - [2001/09/26 22:39:42 | 000,245,760 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\atiptaxx.exe
PRC - [1998/07/25 00:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Money\System\REMINDER.EXE

========== Modules (SafeList) ==========

MOD - [2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SeaPort)
SRV - File not found [Auto | Stopped] -- -- (KodakCCS)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/17 16:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/13 11:41:50 | 000,159,832 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/03/13 11:41:36 | 000,165,000 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/02/16 15:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 18:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,337,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfefirek.sys -- (mfefirek)
DRV - [2011/03/13 11:20:10 | 000,179,248 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeapfk.sys -- (mfeapfk)
DRV - [2011/03/13 11:20:10 | 000,089,368 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/03/13 11:20:10 | 000,085,984 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdet.sys -- (mferkdet)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendiskmp)
DRV - [2011/03/13 11:20:10 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfendisk.sys -- (mfendisk)
DRV - [2011/03/13 11:20:10 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2011/03/13 11:20:10 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cfwids.sys -- (cfwids)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/02/13 18:42:26 | 000,052,464 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2006/10/18 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/31 16:03:10 | 000,010,368 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
DRV - [2004/08/03 22:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/12/03 11:57:22 | 000,145,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ICAM3D2.SYS -- (ICAM3NT5) Intel(r)
DRV - [2001/09/26 21:32:38 | 000,285,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\USRpdA.sys -- (USRpdA)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myplace.frontier.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email]jqs@sun.com[/email]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/03/06 20:00:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 18:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 13:44:34 | 000,000,000 | ---D | M]

[2009/10/28 13:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Extensions
[2009/10/28 13:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Firefox\Profiles\4dmv5nm8.default\extensions
[2011/06/02 15:38:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Timothy Rock\Application Data\Mozilla\Firefox\Profiles\4dmv5nm8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/10/28 13:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/22 17:43:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/10/01 14:58:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/05 02:24:54 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110601213430.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Reminder] C:\Program Files\Microsoft Money\System\REMINDER.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165715432573 (MUWebControl Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://66.192.44.240/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/05 18:40:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 02:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/05 02:22:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 23:48:36 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
[2011/06/04 21:33:51 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Timothy Rock\Desktop\TDSSKiller.exe
[2011/06/04 13:49:44 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2011/06/03 19:31:11 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Timothy Rock\Desktop\dds.scr
[2011/06/03 14:32:10 | 007,286,791 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\stinger10101629.exe
[2011/05/28 15:41:14 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2011/05/08 12:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2 C:\Documents and Settings\Timothy Rock\My Documents\*.tmp files -> C:\Documents and Settings\Timothy Rock\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/05 02:35:30 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/05 02:28:10 | 000,013,732 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 02:28:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/06/05 02:28:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/05 02:27:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/04 23:48:52 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Timothy Rock\Desktop\OTL.exe
[2011/06/04 21:31:56 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\tdsskiller.zip
[2011/06/03 19:31:46 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\uk9essxp.exe
[2011/06/03 19:31:12 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Timothy Rock\Desktop\dds.scr
[2011/06/03 18:51:20 | 000,000,169 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\stinger10101629.opt
[2011/06/03 14:32:48 | 007,286,791 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\All Users\Documents\stinger10101629.exe
[2011/06/02 16:51:34 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/25 07:10:00 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Timothy Rock\Desktop\TDSSKiller.exe
[2011/05/18 13:32:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/14 21:31:26 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\Microsoft Word.lnk
[2011/05/14 20:43:48 | 000,001,390 | ---- | M] () -- C:\Documents and Settings\Timothy Rock\Desktop\Calculator.lnk
[2011/05/08 12:32:10 | 000,001,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2 C:\Documents and Settings\Timothy Rock\My Documents\*.tmp files -> C:\Documents and Settings\Timothy Rock\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/04 21:31:56 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Desktop\tdsskiller.zip
[2011/06/04 15:22:07 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/03 19:31:49 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Desktop\uk9essxp.exe
[2011/06/03 18:51:19 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\stinger10101629.opt
[2011/05/08 12:32:07 | 000,001,506 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/15 22:43:09 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 20:10:16 | 000,016,847 | -H-- | C] () -- C:\WINDOWS\hpothb07.dat
[2009/09/23 14:37:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/13 22:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhotoNow.INI
[2008/10/13 19:47:52 | 000,016,980 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2008/10/13 19:47:52 | 000,000,147 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2008/07/29 22:09:36 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/07/29 22:09:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2008/05/05 18:06:21 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/02/13 18:42:25 | 000,036,864 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2008/02/11 20:28:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/09/09 20:09:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/04/11 19:33:33 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Timothy Rock\Local Settings\Application Data\kodakpcd.ini
[2007/03/12 01:29:12 | 000,000,015 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/02/02 21:26:00 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/08/02 20:49:54 | 000,000,201 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/10 21:35:38 | 000,000,733 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/07 21:57:14 | 000,030,720 | ---- | C] () -- C:\WINDOWS\System32\REGTLIB.EXE
[2006/05/03 20:33:47 | 000,000,269 | -H-- | C] () -- C:\Documents and Settings\Timothy Rock\Application Data\hpothb07.tif
[2006/05/03 20:33:47 | 000,000,199 | -H-- | C] () -- C:\Documents and Settings\Timothy Rock\Application Data\hpothb07.dat
[2006/02/27 17:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/02/20 20:58:36 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpqcopy.INI
[2006/02/18 17:10:06 | 000,000,422 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/02/05 20:39:50 | 000,001,003 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/05 19:35:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/05 19:20:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/05 19:08:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/05 19:07:23 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/02/05 18:49:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/05 18:49:12 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/05 18:49:12 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/05 18:49:12 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/05 18:49:12 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/05 18:49:03 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/05 18:48:57 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/05 18:48:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/05 18:48:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/05 18:48:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/05 18:47:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/05 18:46:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/02/05 18:38:57 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/02/18 17:40:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2001/09/26 20:23:00 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/26 20:22:48 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/26 20:22:40 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/26 20:22:34 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/26 20:22:28 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/26 20:22:04 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/26 20:21:00 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/26 20:20:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2000/11/30 12:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe

========== LOP Check ==========

[2007/03/12 00:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/09 18:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2006/02/05 22:09:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\MSNInstaller
[2007/01/27 19:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\OfficeUpdate12
[2007/02/02 21:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\MyFamily.com
[2008/11/13 22:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\Opera
[2009/10/12 02:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Timothy Rock\Application Data\PolyView
[2011/06/05 02:28:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
[2011/06/05 02:28:02 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

(For anyone who may read this- per Crunchie, the last Quick Scan came out okay).

Booting up this morning was normal, except the antivirus got "hung up" again. The *other user of this computer* uninstalled and reinstalled it. Now, after a reboot, it appears to be behaving normally.
Other programs are also running normally. Overall speed is the same as before the rootkit got on here (slow, but it's old and memory is limited).

All users will be watching the system in the future for strange happenings.

A warm thank-you to Crunchie and the rest of the community. I truly can't believe the problem could be so quickly resolved, and that it would be behaving normally again. Thanks so much!

Newbie Poster

11 posts since Apr 2010

Reputation Points: 10

Solved Threads: 0

Show Comments

You are welcome :). Please post back in a couple of days and if all is still well, I will show you how to correctly remove the tools used.

Most Valuable Poster

Moderator

20,095 posts since Feb 2004

Reputation Points: 1,142

Solved Threads: 985

Hi again. Here is how to remove those tools used:

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.