WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Left over after PCDefender removed

2 posters

descriptionLeft over after PCDefender removed EmptyLeft over after PCDefender removed16th March 2010, 1:01 am

more_horiz
Hi Yall
I used your prgram to remove WinPCDefender. Now I get a reocurring DL1.exe. I cannot remove it but it punches the CPU to 100% all the time. Any help Please.
thanks
reed

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed16th March 2010, 1:15 am

more_horiz
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Left over after PCDefender removed DXwU4
Left over after PCDefender removed VvYDg

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed16th March 2010, 3:42 am

more_horiz
OTL logfile created on: 3/15/2010 9:27:04 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.76 Gb Total Space | 6.27 Gb Free Space | 18.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUSH
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/15 21:25:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
PRC - [2010/03/14 16:27:13 | 000,345,088 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Temp\dl1.exe
PRC - [2010/03/14 15:15:22 | 000,135,664 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.2.183.17\GoogleCrashHandler.exe
PRC - [2009/11/19 21:00:10 | 004,808,704 | ---- | M] () -- C:\Program Files\USIM Editor\iconcs4750703.exe
PRC - [2009/11/19 21:00:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\afasrv32.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 19:22:24 | 005,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
PRC - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/05/01 14:35:10 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/02/11 10:06:36 | 000,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/01 16:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2005/03/13 11:43:55 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/02/03 09:34:58 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2005/02/03 02:08:52 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/09/14 08:50:48 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/15 21:25:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
MOD - [2009/02/11 10:06:38 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/19 21:00:08 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SYSTEM32\afasrv32.exe -- (AfaService)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 19:22:22 | 000,068,112 | ---- | M] (McAfee) [On_Demand | Stopped] -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor)
SRV - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/01 14:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/02/11 10:06:36 | 000,210,216 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/10/25 15:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/03/15 04:17:15 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/05/27 10:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MHIKEY10.sys -- (MHIKEY10)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/03/13 11:43:59 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys -- (ASCTRM)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/12 08:07:42 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/12 08:06:53 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/12 08:06:53 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/12 08:06:53 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/12 08:06:52 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/12 08:06:16 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/12 08:03:54 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/12 08:03:53 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/12 08:03:53 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/12 08:00:09 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/12 07:56:47 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/12 07:56:06 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/12 07:55:49 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/12 07:55:49 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/12 07:55:47 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/14 12:27:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/12/05 17:40:47 | 000,000,667 | RHS- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 89.149.210.109 www.google.de
O1 - Hosts: 89.149.210.109 www.google.fr
O1 - Hosts: 89.149.210.109 www.google.com.br
O1 - Hosts: 89.149.210.109 www.google.it
O1 - Hosts: 89.149.210.109 www.google.es
O1 - Hosts: 89.149.210.109 www.google.co.jp
O1 - Hosts: 89.149.210.109 www.google.com.mx
O1 - Hosts: 89.149.210.109 www.google.ca
O1 - Hosts: 89.149.210.109 www.google.com.au
O1 - Hosts: 89.149.210.109 www.google.nl
O1 - Hosts: 89.149.210.109 www.google.co.za
O1 - Hosts: 89.149.210.109 www.google.be
O1 - Hosts: 89.149.210.109 www.google.gr
O1 - Hosts: 89.149.210.109 www.google.at
O1 - Hosts: 89.149.210.109 www.google.se
O1 - Hosts: 89.149.210.109 www.google.ch
O1 - Hosts: 89.149.210.109 www.google.pt
O1 - Hosts: 89.149.210.109 www.google.dk
O1 - Hosts: 89.149.210.109 www.google.fi
O1 - Hosts: 89.149.210.109 www.google.ie
O1 - Hosts: 89.149.210.109 www.google.no
O1 - Hosts: 89.149.210.109
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs4750703.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DriverCheck] C:\Documents and Settings\Mike\Local Settings\Temp\dl1.exe ()
O4 - HKCU..\Run: [DriverLoad] C:\Documents and Settings\Mike\Local Settings\Temp\dl1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DriverLoad = C:\DOCUME~1\Mike\LOCALS~1\Temp\dl1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DriverCheck = C:\DOCUME~1\Mike\LOCALS~1\Temp\dl1.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257383139265 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: fisojohov - {6c7e31f3-ae35-416a-9dca-48c26f297294} - CLSID or File not found.
O21 - SSODL: gomupemid - {959e45c7-8f59-4af8-be3c-6aee04ec3cd3} - CLSID or File not found.
O21 - SSODL: guhuyoget - {5ecaf665-d201-4019-b20f-87a318878dda} - CLSID or File not found.
O21 - SSODL: jeyoromer - {9b80e90e-e814-4507-974f-217028db2147} - CLSID or File not found.
O21 - SSODL: pidiyiruv - {93663a90-d953-4cff-a0d6-6cfeb58eccab} - CLSID or File not found.
O21 - SSODL: puwajemuv - {6d6ed635-a1de-4964-9456-84fe8fed7237} - CLSID or File not found.
O21 - SSODL: suhelomah - {6553e9b1-5d25-4c0f-b06d-f71054c250a8} - CLSID or File not found.
O22 - SharedTaskScheduler: {5ecaf665-d201-4019-b20f-87a318878dda} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {6553e9b1-5d25-4c0f-b06d-f71054c250a8} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {6c7e31f3-ae35-416a-9dca-48c26f297294} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {6d6ed635-a1de-4964-9456-84fe8fed7237} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {81538f86-8f31-4b71-b739-855e14790d16} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {93663a90-d953-4cff-a0d6-6cfeb58eccab} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {959e45c7-8f59-4af8-be3c-6aee04ec3cd3} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {9b80e90e-e814-4507-974f-217028db2147} - mujuzedij - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/15 21:26:22 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/15 02:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\moqlfe
[2010/03/14 20:15:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/03/14 20:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/14 20:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 14:50:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/14 14:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/03/14 14:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Malwarebytes
[2010/03/14 14:23:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/14 14:23:06 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/14 14:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 14:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/14 12:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/03/14 12:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010/02/08 08:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/02/08 08:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/08 08:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/07 19:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/09 10:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/10/25 15:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/10/11 10:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/10/11 10:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2009/08/28 22:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/07/05 08:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/07/05 08:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/11/02 18:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2007/11/02 18:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2007/09/03 07:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/03/30 20:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2007/03/30 20:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2007/03/30 20:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006/02/19 21:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/03/13 10:59:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/15 21:27:18 | 000,324,096 | ---- | M] () -- C:\WINDOWS\System32\emp200.exe
[2010/03/15 21:27:10 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/03/15 21:27:06 | 000,000,440 | ---- | M] () -- C:\200.js
[2010/03/15 21:25:51 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike\Desktop\OTL.exe
[2010/03/15 21:21:56 | 000,021,037 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/03/15 21:21:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1677879946-3676571163-289259045-1006UA.job
[2010/03/15 21:21:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/03/15 21:20:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/03/15 21:20:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/15 21:20:04 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/15 21:20:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/15 21:19:08 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Mike\NTUSER.DAT
[2010/03/15 21:19:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mike\NTUSER.INI
[2010/03/15 17:24:20 | 000,044,024 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/03/15 17:21:37 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/03/15 17:21:31 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/15 15:21:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1677879946-3676571163-289259045-1006Core.job
[2010/03/15 06:40:08 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/03/15 06:27:08 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/03/15 05:40:04 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/03/15 05:27:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/03/15 04:40:06 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/03/15 04:27:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/03/15 04:17:15 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/03/15 03:40:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/03/15 03:27:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/03/15 02:40:06 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/03/15 02:27:05 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/03/15 02:07:37 | 000,110,080 | ---- | M] () -- C:\WINDOWS\System32\kbddta.dll
[2010/03/15 02:07:37 | 000,098,304 | ---- | M] () -- C:\WINDOWS\System32\kbvdt.dll
[2010/03/15 01:40:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/03/15 01:31:37 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/03/15 01:27:05 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/03/15 00:40:14 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/03/15 00:27:05 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/03/14 23:40:24 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/03/14 23:27:07 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/03/14 22:40:05 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/03/14 22:27:10 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/03/14 21:40:22 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/03/14 16:48:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/14 14:59:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/14 14:40:42 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\PC Medkit.job
[2010/03/14 14:23:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 12:20:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/02/24 20:40:17 | 000,000,440 | ---- | M] () -- C:\101.js
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/23 18:54:46 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\litahude
[2010/02/23 16:44:45 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysAC719CE3
[2010/02/23 16:42:55 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysB0DAAA08
[2010/02/23 16:11:29 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysBBCB1DBD
[2010/02/23 16:09:49 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys4587B996
[2010/02/23 13:23:59 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys1D3E58EE
[2010/02/23 12:35:29 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys9E48CB2F
[2010/02/23 11:26:50 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sysC9C67E03
[2010/02/18 02:27:01 | 000,000,440 | ---- | M] () -- C:\100.js
[2010/02/18 01:40:04 | 000,000,487 | ---- | M] () -- C:\99.js
[2010/02/14 13:27:03 | 000,000,487 | ---- | M] () -- C:\88.js
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/15 02:07:37 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\kbvdt.dll
[2010/03/15 02:07:36 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\kbddta.dll
[2010/03/14 20:16:18 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/14 16:27:13 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\emp200.exe
[2010/03/14 16:27:02 | 000,000,440 | ---- | C] () -- C:\200.js
[2010/03/14 14:23:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 13:28:28 | 000,000,336 | ---- | C] () -- C:\WINDOWS\tasks\PC Medkit.job
[2010/02/24 18:40:11 | 000,000,440 | ---- | C] () -- C:\101.js
[2010/02/23 16:44:45 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysAC719CE3
[2010/02/23 16:42:55 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysB0DAAA08
[2010/02/23 16:11:29 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysBBCB1DBD
[2010/02/23 16:09:49 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys4587B996
[2010/02/23 13:23:59 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys1D3E58EE
[2010/02/23 12:35:29 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys9E48CB2F
[2010/02/23 11:26:50 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sysC9C67E03
[2010/02/18 02:27:01 | 000,000,440 | ---- | C] () -- C:\100.js
[2010/02/15 18:27:04 | 000,000,487 | ---- | C] () -- C:\99.js
[2010/01/31 19:58:47 | 000,003,513 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/24 21:26:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/20 21:22:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/08/28 22:24:59 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\92BB30
[2009/08/28 22:24:58 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\mcs.rma
[2009/07/18 15:23:50 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/09/11 20:05:52 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/22 18:54:52 | 000,000,797 | ---- | C] () -- C:\WINDOWS\KPSTUDIO.INI
[2006/09/22 18:54:52 | 000,000,305 | ---- | C] () -- C:\WINDOWS\PROVW.INI
[2006/09/22 18:53:56 | 000,000,119 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/09/21 19:44:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/09/18 19:29:55 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/01/15 15:52:04 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/06 11:03:07 | 000,000,768 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/08/06 11:01:31 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2005/08/06 11:01:31 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2005/03/30 21:55:24 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/03/28 20:34:05 | 000,002,824 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/03/28 19:18:02 | 000,000,165 | ---- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2005/03/27 11:21:37 | 000,000,823 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/03/16 19:23:06 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP120JPR.{PB
[2005/03/16 19:23:06 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\PFP120JCM.{PB
[2005/03/15 22:44:57 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2005/03/13 11:51:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/13 11:48:52 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/13 11:01:06 | 000,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/02/02 16:40:24 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2005/02/02 16:39:14 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2005/02/02 16:03:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2005/02/02 15:49:32 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2004/09/15 22:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 07:55:51 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/08/10 13:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/10/08 08:09:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[1980/01/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed16th March 2010, 3:43 am

more_horiz
OTL Extras logfile created on: 3/15/2010 9:27:04 PM - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Mike\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.76 Gb Total Space | 6.27 Gb Free Space | 18.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUSH
Current User Name: Mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro Studio] -- "C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\\Paint Shop Pro Studio.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"9999:TCP" = 9999:TCP:LocalSubNet:Enabled:DNA
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Basic 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)
"C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\SSFLWBOX.SCR" = C:\WINDOWS\SYSTEM32\SSFLWBOX.SCR:*:Enabled:SSFLWBOX -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe" = C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy -- (McAfee, Inc.)
"C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\CDER4TU7\DMSetup[1].exe" = C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\CDER4TU7\DMSetup[1].exe:*:Enabled:DMSetup[1] -- File not found
"C:\Documents and Settings\Mike\Local Settings\Temp\McInstallTemp\Install.exe" = C:\Documents and Settings\Mike\Local Settings\Temp\McInstallTemp\Install.exe:*:Enabled:Install -- (McAfee, Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" = C:\Program Files\Dell Photo AIO Printer 942\memcard.exe:*:Enabled:memcard -- ()
"C:\Program Files\DellSupport\DSAgnt.exe" = C:\Program Files\DellSupport\DSAgnt.exe:*:Enabled:DSAgnt -- (Gteko Ltd.)
"C:\Program Files\America Online 9.0\aoltray.exe" = C:\Program Files\America Online 9.0\aoltray.exe:*:Enabled:aoltray -- (America Online, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{703DE3AE-513C-11D6-B2F9-0002A5E32BEF}" = Pinball Panic
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{763E8D6C-0098-4FF4-801A-3F311D2D9D80}" = Apple Mobile Device Support
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch®️ Jukebox
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{91477C6F-EC7C-4BFC-BBE1-E45908019DED}" = LightScribe 1.4.52.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{974C05A0-C76C-4724-A9A2-11D5D1355729}" = iTunes
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0}" = Backyard Basketball 2004
"{B3EF1460-CCF9-11D4-B231-0050DACD394D}" = Disney's Winnie the Pooh Kindergarten
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8F0B131-6267-4E10-B0BA-68E096B92C8B}" = Backyard Basketball 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Arthur's Math Games" = Arthur's Math Games
"BluesCluesPreschoolDKey" = Blue's Preschool
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.24.0
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"Encarta98" = Microsoft Encarta 98 Encyclopedia
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{B2AB8AF6-AE06-438F-A3D5-C9FBFBDB0AC0}" = Backyard Basketball 2004
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Kid Pix Studio Deluxe" = Kid Pix Studio Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mickey Mouse Kindergarten" = Disney's Mickey Mouse Kindergarten
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"NeroMultiInstaller!UninstallKey" = Nero Suite
"Pencil-Pal Preschool" = Pencil-Pal Preschool
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Reading Readiness" = Reading Readiness
"RealPlayer 6.0" = RealPlayer Basic
"Stellaluna" = Stellaluna
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Transition Math K-1" = Transition Math K-1
"TurboTax 2008" = TurboTax 2008
"TurboTax Basic 2007" = TurboTax Basic 2007
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 2:23:05 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 3:23:05 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 4:23:05 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 5:23:06 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 6:23:05 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 8:23:11 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 9:23:09 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 10:23:11 PM | Computer Name = BUSH | Source = Google Update | ID = 20
Description =

Error - 3/15/2010 11:00:24 PM | Computer Name = BUSH | Source = Application Error | ID = 1000
Description = Faulting application dl1.exe, version 0.1.0.0, faulting module mshtml.dll,
version 6.0.2900.5921, fault address 0x00072357.

Error - 3/15/2010 11:14:01 PM | Computer Name = BUSH | Source = Application Error | ID = 1001
Description = Fault bucket 1714188672.

[ System Events ]
Error - 3/15/2010 8:13:10 AM | Computer Name = BUSH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/15/2010 8:13:10 AM | Computer Name = BUSH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/15/2010 8:13:10 AM | Computer Name = BUSH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/15/2010 8:13:10 AM | Computer Name = BUSH | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/15/2010 7:21:52 PM | Computer Name = BUSH | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/15/2010 7:22:57 PM | Computer Name = BUSH | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/15/2010 11:20:16 PM | Computer Name = BUSH | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/15/2010 11:20:30 PM | Computer Name = BUSH | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 3/15/2010 11:21:32 PM | Computer Name = BUSH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/15/2010 11:21:40 PM | Computer Name = BUSH | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2


< End of report >

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed16th March 2010, 3:02 pm

more_horiz
hello Belahzur
this is a slick scan. i really like it. what i am getting now also is arequest that i must re load video activex.
reed

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed16th March 2010, 5:39 pm

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Left over after PCDefender removed CF_download_FF

    Left over after PCDefender removed CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Left over after PCDefender removed Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Left over after PCDefender removed Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Left over after PCDefender removed DXwU4
Left over after PCDefender removed VvYDg

descriptionLeft over after PCDefender removed EmptyRe: Left over after PCDefender removed

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum