Jump to content

nervoz

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Things are much better. Here are the DDS and security logs: DDS (Ver_09-12-01.01) - NTFSx86 Run by Jason at 21:40:48.82 on Thu 01/21/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.336 [GMT -5:00] AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SealedMedia\sealmon.exe C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe C:\Program Files\QuickTime\qttask.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Jason\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.yahoo.com/ BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe" uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe mRun: [HPHmon04] c:\windows\system32\hphmon04.exe mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe" mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [sealmon] c:\program files\sealedmedia\sealmon.exe mRun: [MMReminderService] c:\program files\mindjet\mindmanager 6\MMReminderService.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [sunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_17.dll IE: {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - {AC41D38F-B56D-40AD-94E0-B493D130C959} - c:\program files\mindjet\mindmanager 6\Mm6InternetExplorer.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL Trusted Zone: microsoft.com\office DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124848761598 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jason\applic~1\mozilla\firefox\profiles\ob1rqo29.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/|http://finance.yahoo.com/|http://www.marylandoutdoorclub.com/ FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-13 214664] R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-13 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-13 144704] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-7 92008] R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2005-8-24 17149] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-13 79816] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-13 35272] S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-8-24 43392] S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-13 606736] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-13 34248] S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-13 40552] S3 RioS50;RioS50 driver;c:\windows\system32\drivers\RioS50.sys [2006-12-20 12658] =============== Created Last 30 ================ 2010-01-16 14:38:19 0 d-----w- c:\documents and settings\jason\.SunDownloadManager 2010-01-14 00:52:20 0 d-sha-r- C:\cmdcons 2010-01-14 00:51:05 98816 ----a-w- c:\windows\sed.exe 2010-01-14 00:51:05 77312 ----a-w- c:\windows\MBR.exe 2010-01-14 00:51:05 261632 ----a-w- c:\windows\PEV.exe 2010-01-14 00:51:05 161792 ----a-w- c:\windows\SWREG.exe 2010-01-13 23:16:26 0 d-----w- C:\_OTL 2010-01-12 23:22:06 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-01-10 23:27:43 0 d-----w- c:\program files\TrendMicro ==================== Find3M ==================== 2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2003-06-20 07:05:04 49776 ----a-w- c:\windows\inf\usbhub20.sys 2003-06-20 07:05:04 24752 ----a-w- c:\windows\inf\hidclass.sys 2003-06-20 07:05:04 20688 ----a-w- c:\windows\inf\usbd.sys 2003-06-20 07:05:04 19728 ----a-w- c:\windows\inf\usbehci.sys 2003-06-20 07:05:04 138288 ----a-w- c:\windows\inf\usbport.sys 2009-10-15 22:31:55 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat 2008-09-19 03:47:01 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091820080919\index.dat ============= FINISH: 21:42:57.09 =============== Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee SecurityCenter `````````````````````````````` Anti-malware/Other Utilities Check: Windows Defender Windows Defender Signatures Java 6 Update 17 Adobe Flash Player 10 Adobe Reader 8.1.1 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent McAfee VIRUSS~1 mcshield.exe McAfee VIRUSS~1 mcsysmon.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` Attach.txt
  2. Looking better. I ran Java Ra and cleaned up old versions but I was unable to download the latest JRE from the webpage. I'm on update 17 right now. Several attempts all ended with "download failed, unable to verify." Here is the log from Kaspersky: -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, January 16, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, January 16, 2010 15:32:52 Records in database: 3320163 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ Scan statistics: Objects scanned: 127596 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 08:32:33 No threats found. Scanned area is clean. Selected area has been scanned.
  3. Ran TFC and rebooted. Ran MBAM Quick Scan with no infections! So am I finally cured? MBAM Log attached: Malwarebytes' Anti-Malware 1.44 Database version: 3563 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/14/2010 12:40:25 PM mbam-log-2010-01-14 (12-40-25).txt Scan type: Quick Scan Objects scanned: 108710 Time elapsed: 11 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. Thanks for your ongoing help. After the OTL fix, reboot, and quick scan here is the latest log followed by the ComboFix log. OTL logfile created on: 1/13/2010 6:24:25 PM - Run 2 OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Jason\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 309.00 Mb Available Physical Memory | 40.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.78 Gb Total Space | 88.49 Gb Free Space | 79.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZEUS Current User Name: Jason Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\SealedMedia\sealmon.exe () PRC - C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) PRC - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe (NETGEAR) PRC - C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (Pml Driver HPH11) -- C:\WINDOWS\system32\hphipm11.exe (HP) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://finance.yahoo.com/|http://www.marylandoutdoorclub.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/22 09:48:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 21:45:57 | 00,000,000 | ---D | M] [2009/08/22 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions [2009/08/22 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/01/02 17:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ob1rqo29.default\extensions [2006/11/11 09:16:34 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ob1rqo29.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/01/10 17:34:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/06/19 04:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll [2008/06/19 04:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll [2006/06/22 13:44:00 | 02,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft
  5. and the Extras.txt log: OTL Extras logfile created on: 1/12/2010 7:21:34 PM - Run 1 OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Jason\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 52.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.78 Gb Total Space | 86.09 Gb Free Space | 77.02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZEUS Current User Name: Jason Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager -- File not found "C:\Program Files\LogoSmartzTrial\Exe\TrialLogoSmartz.exe" = C:\Program Files\LogoSmartzTrial\Exe\TrialLogoSmartz.exe:*:Enabled:TrialLogoSmartz -- (Netsmartz) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.) "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.) "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer -- (Microsoft Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\Program Files\QuickTime\qttask.exe" = C:\Program Files\QuickTime\qttask.exe:*:Enabled:qttask -- (Apple Inc.) "C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe" = C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy -- (McAfee, Inc.) "C:\Program Files\McAfee\MPF\MpfSrv.exe" = C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv -- (McAfee, Inc.) "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2 "{227246B3-74D1-412D-9442-36983718096B}" = Mindjet MindManager Pro 6 "{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3592F5CB-B524-43AA-92F2-2377268199CC}" = iTunes "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor "{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T Smart Wizard Wireless Utility "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007 "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{72BA350B-D90A-42CC-AF01-98C13EE60316}" = TaxCut Maryland 2007 "{73A99ADC-5B8D-4D1C-9A4A-A9545F756E70}" = Microsoft Expression Design "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1) "{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English) "{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003 "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008 "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9 "{E240C454-7D66-4785-931B-24E395B09140}" = SealedMedia Unsealer 5.2.7 "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{F8320240-6330-40E0-B296-BB0DE5629925}" = TaxCut Maryland 2008 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2 "Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3 "Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3 "CAL" = Canon Camera Access Library "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "CSCLIB" = Canon Camera Support Core Library "DeductionPro 2006" = DeductionPro 2006 "EOS Utility" = Canon Utilities EOS Utility "hp instant support" = hp instant support "hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "LogoSmartz 4.0 Trial" = LogoSmartz 4.0 Trial "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5) "MSC" = McAfee SecurityCenter "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers "Pdf995" = Pdf995 (installed by TaxCut) "PdfEdit995" = PdfEdit995 (installed by TaxCut) "PDF-XChange 3_is1" = PDF-XChange 3.0 "PhotoStitch" = Canon Utilities PhotoStitch "PictureIt_v9" = Microsoft Picture It! Photo Premium 9 "RealPlayer 6.0" = RealPlayer "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "TaxCut Deluxe 2005" = TaxCut Deluxe 2005 "TaxCut Premium 2006" = TaxCut Premium 2006 "TomTom HOME" = TomTom HOME 2.7.0.1785 "Video Converter 3" = Video Converter 3 "WebDesigner" = Microsoft Expression Web Trial "WebLog Expert Lite_is1" = WebLog Expert Lite 3.6 "WIC" = Windows Imaging Component "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "Yahoo! SiteBuilder" = Yahoo! SiteBuilder "Yahoo! SiteBuilder2.6-J" = Yahoo! SiteBuilder2.6-J "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! SiteBuilder" = Yahoo! SiteBuilder "Yahoo! SiteBuilder2.6-J" = Yahoo! SiteBuilder2.6-J ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/20/2009 5:45:48 PM | Computer Name = ZEUS | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b. Error - 12/29/2009 10:58:34 PM | Computer Name = ZEUS | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error - 12/29/2009 10:58:34 PM | Computer Name = ZEUS | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved Error - 12/31/2009 1:45:21 AM | Computer Name = ZEUS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 12/31/2009 11:40:47 PM | Computer Name = ZEUS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/1/2010 2:37:19 PM | Computer Name = ZEUS | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 1/9/2010 12:14:47 AM | Computer Name = ZEUS | Source = Application Error | ID = 1000 Description = Faulting application MsMpEng.exe, version 1.1.1593.0, faulting module kbdsock.dll, version 5.5.3400.4432, fault address 0x000064ed. Error - 1/9/2010 12:16:54 AM | Computer Name = ZEUS | Source = Application Error | ID = 1000 Description = Faulting application MsMpEng.exe, version 1.1.1593.0, faulting module kbdsock.dll, version 5.5.3400.4432, fault address 0x000064ed. Error - 1/9/2010 10:53:13 AM | Computer Name = ZEUS | Source = Application Error | ID = 1000 Description = Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Error - 1/11/2010 11:57:40 PM | Computer Name = ZEUS | Source = Microsoft Office 10 | ID = 1000 Description = Faulting application winword.exe, version 10.0.6856.0, faulting module winword.exe, version 10.0.6856.0, fault address 0x00004acf. [ System Events ] Error - 1/10/2010 8:53:41 PM | Computer Name = ZEUS | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 1/10/2010 8:55:12 PM | Computer Name = ZEUS | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 1/10/2010 10:57:24 PM | Computer Name = ZEUS | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 1/10/2010 10:58:54 PM | Computer Name = ZEUS | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 1/11/2010 11:24:46 PM | Computer Name = ZEUS | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 1/11/2010 11:26:14 PM | Computer Name = ZEUS | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 1/12/2010 7:07:06 PM | Computer Name = ZEUS | Source = SRService | ID = 104 Description = The System Restore initialization process failed. Error - 1/12/2010 7:08:39 PM | Computer Name = ZEUS | Source = Windows Update Agent | ID = 16 Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Error - 1/12/2010 7:08:40 PM | Computer Name = ZEUS | Source = Service Control Manager | ID = 7023 Description = The System Restore Service service terminated with the following error: %%2 Error - 1/12/2010 7:14:27 PM | Computer Name = ZEUS | Source = Dhcp | ID = 1001 Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000FB53A21A1. The following error occurred: %%1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. < End of report >
  6. Okay here is the OTL.txt log: OTL logfile created on: 1/12/2010 7:21:34 PM - Run 1 OTL by OldTimer - Version 3.1.23.0 Folder = C:\Documents and Settings\Jason\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 398.00 Mb Available Physical Memory | 52.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free Paging file location(s): C:\pagefile.sys 384 768 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.78 Gb Total Space | 86.09 Gb Free Space | 77.02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZEUS Current User Name: Jason Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\SealedMedia\sealmon.exe () PRC - C:\Program Files\Mindjet\MindManager 6\MmReminderService.exe (Mindjet) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) PRC - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe (NETGEAR) PRC - C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe (Tracker Software Products Ltd.) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jason\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (Pml Driver HPH11) -- C:\WINDOWS\system32\hphipm11.exe (HP) ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications) DRV - (AR5523) -- C:\WINDOWS\system32\drivers\wg11tnd5.sys (NETGEAR, Inc.) DRV - (ATHFMWDL) -- C:\WINDOWS\system32\drivers\Athfmwdl.sys (Windows ® 2000 DDK provider) DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (RioS50) -- C:\WINDOWS\system32\drivers\RioS50.sys (SonicBlue Inc.) DRV - (Dot4 HPH11) -- C:\WINDOWS\system32\drivers\hphid411.sys (HP) DRV - (Dot4Usb HPH11) -- C:\WINDOWS\system32\drivers\hphius11.sys (HP) DRV - (Dot4Print HPH11) -- C:\WINDOWS\system32\drivers\hphipr11.sys (HP) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (HCF_MSFT) -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys (Conexant) DRV - (nv4) -- C:\WINDOWS\system32\drivers\nv4.sys (NVIDIA Corporation) DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.) DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.) DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.) DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/|http://finance.yahoo.com/|http://www.marylandoutdoorclub.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/03/22 09:48:54 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 21:45:57 | 00,000,000 | ---D | M] [2009/08/22 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions [2009/08/22 18:46:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/01/02 17:17:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ob1rqo29.default\extensions [2006/11/11 09:16:34 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jason\Application Data\Mozilla\Firefox\Profiles\ob1rqo29.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/01/10 17:34:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2008/06/19 04:16:24 | 00,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll [2008/06/19 04:16:24 | 00,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll [2006/06/22 13:44:00 | 02,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe File not found O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft
  7. Hello, Looks like I also have a Rootkit.Agent that just won't go away. Looking forward to your help. Here are the logs: Malwarebytes' Anti-Malware 1.44 Database version: 3537 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/10/2010 8:22:27 PM mbam-log-2010-01-10 (20-22-23).txt Scan type: Quick Scan Objects scanned: 126181 Time elapsed: 26 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ygua8e7yhuiesfha876yfauy8fe (Trojan.Downloader) -> No action taken. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\jgcecf.sys (Rootkit.Agent) -> No action taken. C:\Documents and Settings\Jason\Local Settings\Temp\dfgdgdfgrgdgfdrdfs.tmp (Trojan.Downloader) -> No action taken. Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 8:28:55 PM, on 1/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe C:\WINDOWS\system32\hphmon04.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\SealedMedia\sealmon.exe C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\DOCUME~1\Jason\LOCALS~1\Temp\adirqrc.exe C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+ O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Jason\LOCALS~1\Temp\adirqrc.exe O4 - HKUS\S-1-5-19\..\Run: [porujihimi] Rundll32.exe "C:\WINDOWS\system32\dajidomu.dll",s (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [porujihimi] Rundll32.exe "C:\WINDOWS\system32\dajidomu.dll",s (User 'NETWORK SERVICE') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124848761598 O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab O18 - Filter hijack: text/html - {4fe520b7-b453-499e-9894-b9433a913913} - C:\WINDOWS\default32.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdsock.dll,vewaboji.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8819 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.