jimnall

Honorary Members
  • Posts

    29
Everything posted by jimnall

  1. General PC SW/HW repair business. Virus/malware focus and learning.

  2. I'm following the 'im infected' procedure in the forum. My system has been running slow but I'm also hearing a sound, probably from "C", that is an abnormal clicking. I'm also trying to receive audio streaming from "Broadwave" unsuccessfully. When I ran TCPVIEW I saw a procedure labelled 'unknown' which I was unable to display the properties of. After a few minutes that procedure line in TCPVIEW suddenly turned RED and disappeared. When I ran GMER rootkit I got an error saying I had a malicious win32.mbroot code @ 156280323. I also have PE Builder on my system with an address of 156280345. For all of the above reasons I'd like your assistance to determine whether I have a reason to be concerned. I'm running Microsoft Security Essentials and MBAM only. I didn't run the diagnostic programs in the exact order specified in the 'im infected' post. If I need to do that please let me know and I'll redo this. The requested logs from DDS, TCPVIEW, GMER, MBAM and MSE are attached/copied.
[0xB955F000, 0x29C9F0, 0xE8000020] ? C:\DOCUME~1\JIMNAL~1\LOCALS~1\Temp\pglyypog.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3236] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamW 
7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E539A C:\WINDOWS\system32\IEFRAME.dll 
(Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3696] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 156280323 Disk \Device\Harddisk0\DR0 PE file @ sector 156280345 ---- EOF - GMER 1.0.15 ----
  3. Comments on some of these I've used:

     OpenOffice - GREAT! And free; worth a donation if you can.

     RealVNC - 'port forwarding' aka remote access to a computer on a LAN remote from yours... Works great, displays the entire desktop and allows remote running of any app on that desktop... There does appear to be some conflict with MBAM though... separate post.

     7ZIP - with Winzip changing its download rules, 7zip appears to be a good alternative.

     AVAST & Avanti - I've had situations where neither program prevented an infection that MBAM picked up... I'm telling everyone that they should run MBAM in addition to any of these AV pgms.

     GIMP - only used it using UBUNTU, but it's very powerful there.

     Jim Nall
  4. ****Great List, but when I tried 7ZIP I got an MBAM notice that it has a virus... When I downloaded from http://www.7-zip.org/download.html I did not get the virus error... Be careful where you download 7zip from.
  5. I have a similar problem. Hope it's OK to post here as a reply...

     13:44:39 jim nall IP-BLOCK 89.28.94.156 (Type: outgoing)
     13:45:54 jim nall IP-BLOCK 62.45.206.211 (Type: outgoing)

     are the blocked IPs I'm getting. Yes, I do have P2P... filevoom vuse and maybe others. Do I need to uninstall P2P SW?
  6. I'm getting repeated IP Block outgoing messages...

     13:44:39 jim nall IP-BLOCK 89.28.94.156 (Type: outgoing)
     13:45:54 jim nall IP-BLOCK 62.45.206.211 (Type: outgoing)

     The IP addresses are owned by someone in the Netherlands and the other in east Europe. How can I remove this outgoing activity? It takes up unnecessary computer cycles.
  7. I'm running the latest (1.46) version of Malwarebytes. I'm also running Norton AV 2010 (latest version). Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot the virus is detected again by MBAM. A description in PREVx seems to say that this virus creates many files/copies of itself under different names so removing it may be a problem. I've read the previous post by Kahdah and am following it. I'll post the results to this post in case I need to ask more questions. Thanks in advance for your help.
C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) 
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop BackupWallPaper: D:\PICTURES\GOD Paints\Burtchart Gardens.bmp O28 
- HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/12/14 21:30:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/03/28 13:05:32 | 000,000,000 | ---D | M] - D:\Auto RV Truck -- [ NTFS ] O33 - MountPoints2\{83fdb14d-ec31-11de-bbd3-0019dbcf6414}\Shell\AutoRun\command - "" = K:\autorun.exe -- File not found O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell - "" = AutoRun O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ccb4f8aa-ebf2-11de-bbd2-0019dbcf6414}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - 
C:\WINDOWS\system32\ias [2009/12/14 15:09:27 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (56308550258917376) ========== Files/Folders - Created Within 30 Days ========== [2010/05/23 13:05:20 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010/05/23 13:05:20 | 000,057,248 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010/05/23 13:05:20 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010/05/23 13:05:19 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010/05/23 13:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx [2010/05/23 13:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2010/05/22 20:15:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim nall\Recent [2010/05/20 17:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/05/20 17:07:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/05/20 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/05/03 22:31:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2010/05/03 22:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar [2010/05/03 22:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer [2010/05/03 22:29:06 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010/04/28 15:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Local Settings\Application Data\Yahoo! 
[2010/04/26 16:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\Ipswitch WS_FTP 12 [2010/04/26 16:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\My Documents\OpenOffice.org 3.2 (en-US) Installation Files [2010/04/26 12:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\W3i [2010/04/26 12:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i [2010/04/26 11:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free ISO Creator [2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitch [2010/04/24 16:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim nall\Application Data\TrueSwitch [2010/04/24 16:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\TrueSwitchEsaya [2010/04/24 10:01:33 | 000,000,000 | ---D | C] -- C:\backup boot ini [2010/04/23 18:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo [2010/04/23 18:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Winamp Toolbar [2010/04/23 18:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo! 
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/05/23 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010/05/23 13:43:23 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\jim nall\NTUSER.DAT [2010/05/23 13:05:20 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll [2010/05/23 13:05:20 | 000,057,248 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys [2010/05/23 13:05:20 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys [2010/05/23 13:05:19 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys [2010/05/23 13:05:09 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010/05/23 13:00:10 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010/05/23 12:58:13 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/23 12:54:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/23 12:53:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/23 12:53:53 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2010/05/23 00:28:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jim nall\ntuser.ini [2010/05/23 00:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010/05/22 23:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010/05/22 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010/05/22 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010/05/22 20:16:23 | 000,002,346 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg [2010/05/22 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010/05/22 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010/05/22 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010/05/22 
17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010/05/22 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2010/05/22 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010/05/22 12:16:34 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg [2010/05/21 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010/05/21 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010/05/20 19:46:35 | 000,642,842 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\Cat.DB [2010/05/20 19:46:26 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK [2010/05/20 17:07:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/20 12:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010/05/20 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010/05/19 22:06:35 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc [2010/05/19 22:06:13 | 000,017,455 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt [2010/05/19 11:06:30 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr [2010/05/19 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010/05/18 18:30:15 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg [2010/05/18 18:27:18 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\CCleaner.lnk [2010/05/15 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010/05/15 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010/05/14 16:06:44 | 000,854,150 | ---- | M] () -- C:\00.bmp [2010/05/14 01:36:08 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\isolate.ini [2010/05/05 23:01:59 | 
000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdi.sys [2010/05/05 23:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symtdiv.sys [2010/05/05 23:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys [2010/05/05 23:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnetv.inf [2010/05/05 23:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symnet.inf [2010/05/03 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010/05/03 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010/05/03 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010/05/03 06:48:38 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010/04/29 16:16:57 | 000,007,601 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\ironx86.sys [2010/04/29 00:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.cat [2010/04/29 00:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\iron.inf [2010/04/27 22:32:28 | 000,032,636 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg [2010/04/26 11:57:33 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk [2010/04/26 03:18:40 | 000,007,873 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.cat [2010/04/25 11:58:38 | 
000,005,866 | --S- | M] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl [2010/04/25 11:32:11 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk [2010/04/24 16:16:55 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk [2010/04/24 16:16:54 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk [2010/04/24 12:05:29 | 000,044,332 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010 [2010/04/24 06:31:04 | 000,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1107000.00C\symefa.inf [2010/04/23 16:55:52 | 006,453,916 | ---- | M] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/22 20:16:20 | 000,002,346 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100522_201616.reg [2010/05/22 12:16:34 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\reg052210.reg [2010/05/20 17:07:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/19 22:06:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.doc [2010/05/19 21:29:38 | 000,017,455 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\whois search.odt [2010/05/18 18:30:14 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100518_183011.reg [2010/05/05 12:55:13 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Volume Control.lnk [2010/05/03 21:33:52 | 000,002,230 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Nero Burning ROM.lnk [2010/04/29 
16:16:57 | 000,001,264 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.usr [2010/04/27 22:32:26 | 000,032,636 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\cc_20100427_223224.reg [2010/04/26 16:55:34 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Windows Media Player.lnk [2010/04/26 11:57:33 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\jim nall\Desktop\Free ISO Creator.lnk [2010/04/25 11:58:38 | 000,005,866 | --S- | C] () -- C:\Documents and Settings\jim nall\My Documents\Untitled.rcl [2010/04/25 11:32:11 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk [2010/04/24 16:13:35 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\jim nall\Start Menu\Programs\Startup\TrueAssistant.lnk [2010/04/24 16:13:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TrueSwitch Wizard.lnk [2010/04/24 12:05:20 | 000,044,332 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-24.2010 [2010/04/23 16:55:50 | 006,453,916 | ---- | C] () -- C:\Documents and Settings\jim nall\My Documents\Recent History norton av 2010 4-23-10.mcf [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010/04/23 
14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010/04/23 14:37:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010/04/23 14:37:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010/02/27 12:14:34 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010/02/17 14:35:21 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2010/02/11 18:16:45 | 000,026,491 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2010/01/03 11:37:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/12/21 16:03:11 | 000,000,559 | ---- | C] () -- C:\WINDOWS\System32\iconcfg.ini [2009/12/20 19:53:40 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI [2009/12/20 19:53:21 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL [2009/12/20 19:40:17 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2009/12/20 19:36:46 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL [2009/12/18 11:31:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/12/17 12:10:54 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009/12/17 
11:50:44 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI [2009/12/17 11:50:32 | 000,000,066 | ---- | C] () -- C:\WINDOWS\EPSC66PE.ini [2009/12/17 11:44:42 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini [2009/12/15 10:46:31 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2009/12/14 22:05:54 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006/08/10 18:58:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WlanInstallDll.dll [2005/11/30 04:49:56 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2005/04/27 13:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2005/04/27 13:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2004/09/10 17:34:26 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll [2002/12/10 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL [2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL [2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [2001/08/23 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2001/08/23 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2001/08/23 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2001/08/23 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2001/08/23 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll ========== LOP Check ========== [2010/01/24 14:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus [2010/01/19 17:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure [2009/12/18 13:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010/03/23 16:59:58 | 000,000,000 | ---D | 
M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2009/12/18 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes [2010/01/19 16:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2009/12/25 17:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PassMark [2010/05/23 13:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI [2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2009/12/20 19:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard [2009/12/25 15:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TreeCardGames [2009/12/27 10:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2010/04/26 12:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i [2010/04/02 15:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Azureus [2010/05/18 10:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Canon [2010/04/09 14:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DAK [2010/01/19 16:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\DriverCure [2010/05/14 17:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\FileVOoM [2009/12/17 11:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\Leadertech [2009/12/19 16:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\OpenOffice.org [2009/12/20 19:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim nall\Application Data\ScanSoft 
  8. I'm running the latest (1.46) version of Malwarebytes. I'm also running Norton AV 2010 (latest version). Norton ignores wmpscfgs.exe but MBAM keeps asking if I want to quarantine wmpscfgs.exe. I tell it yes. The next time I reboot, the virus is detected again by MBAM. A description in Prevx seems to say that this virus creates many files/copies of itself under different names, so removing it may be a problem. I've read the previous post by Kahdah and am following it. I'll post the results to this post in case I need to ask more questions. Thanks in advance for your help.
  9. Maurice... sorry if I'm using this post incorrectly, but yes, I do need help. The computers involved have been infected with the fuefue.exe malware. Windows Explorer can't see the fuefue files, but under some circumstances the Nero CD/DVD burn program can see them. What is the best way to remove fuefue?
  10. 12/03/09: I downloaded and ran combofix.exe as instructed. Below is the result. MBAM did not detect the infections. FYI
2009-12-02 16:13 -------- d-----w- c:\program files\Common Files\InstallShield 2009-12-02 21:19 . 2004-08-09 20:32 86843 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-12-02 16:17 . 2009-12-02 16:17 1588 --sha-r- c:\windows\system32\drivers\103C_HP_BPC_HP dc5000 uT(DZ216AV)_YB_0CBD_Q2UA547_EU_46_I090Ch_SHP_V_B786B0 v1.00_T040212_WXP2_L409_M504_J80_7Intel_8Pentium 4_92.99_#091202_N14E41696_(DZ216AV)_X_CD7_Z_2_G80862572_OHL-DT-ST RW DVD GCC-4482B.MRK 2009-12-02 16:14 . 2009-12-02 16:13 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-12-02 16:13 . 2009-12-02 16:13 -------- d-----w- c:\program files\Analog Devices 2009-12-02 15:05 . 2009-12-02 15:05 -------- d-----w- c:\program files\microsoft frontpage 2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll 2009-09-11 14:18 . 2004-08-04 07:56 136192 ----a-w- c:\windows\system32\msv1_0.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt] @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}" [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}] 2008-07-10 14:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632] "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2003-06-06 167936] "SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664] "SecurDisc"="c:\program files\Nero\Nero8\InCD\NBHGui.exe" [2008-07-10 2049320] "InCD"="c:\program files\Nero\Nero8\InCD\InCD.exe" [2008-07-10 1083176] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392] c:\documents and settings\RevLynn\Start Menu\Programs\Startup\ HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-9-25 299008] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] WinZip Quick Pick.lnk 
- c:\program files\WinZip\WZQKPICK.EXE [2009-12-2 106560] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Palm\\HOTSYNC.EXE"= R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/2/2009 3:06 PM 276816] R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/2/2009 3:06 PM 19160] . Contents of the 'Scheduled Tasks' folder 2009-12-02 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Webmaster.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-02 22:14] 2009-12-02 c:\windows\Tasks\Malwarebytes' Scheduled Update for Webmaster.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-02 22:14] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.umckc.org/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-03 17:14 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3548) c:\windows\system32\WININET.dll c:\program files\Nero\Nero8\InCD\NBHShx.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll c:\program files\Nero\Nero8\InCD\NBHStr.dll c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Nero\Nero8\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\program files\PDF Complete\pdfsaver.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Completion time: 2009-12-03 17:19 - machine was rebooted ComboFix-quarantined-files.txt 2009-12-03 23:19 Pre-Run: 57,366,712,320 bytes free Post-Run: 57,360,220,160 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - E28AD910FA038D0EE7E4E4A4DA926478
  11. I'll contact the corporate site but given comments below I'm not hopeful for a quick solution. I represent a church with about 10 desktops and peer to peer network. We also use wireless password protected. I've recently had a problem with a church member bringing an infected USB flash drive and plugging it into their desktop. The USB flash drive was not automatically checked and the malware proliferated quickly thru the network. How can I configure MBAM to automatically scan all USB devices when they are connected rather than at a certain time of day? Jim Nall for Rev. Lynn Dyke at Kimberling City UMC
  12. So are you saying use WeatherBug Live if weatherbug is reported by MBAM as a malicious site (66.235.126.71)???
  13. (JimNALL) So are you saying use WeatherBug Live if MBAM reports weatherbug site (66.235.126.71) as malicious and blocks it?
  14. I consistently receive this XP error [Open Event] Failed to perform desired action Error code: 2 when I first boot up XP. I'm running XP Pro SP3, IE8, etc....try to be current on all Microsoft. Can you help me debug this?
  15. Thanks for the help. MBAM is a VERY good service.
  16. OK....Letting any trojan install is bad, and I assume you mean you've seen this happen.....I'll stop using it. What do you recommend as a registry cleaner?
  17. I checked the link and scanned down to the last entry. That entry talks about consumers-reports.net as a scam web site. It says that Netcom3 is linked to the consumers-reports which is usually the case if you offer to sell Netcom3 thru your own web site. My own web site, www.yourpcathome.com has a similar linkage. What's confusing me is that everyone seems to point elsewhere to prove that Netcom3 is a scam organization. I don't see anywhere that a specific corruption of windows, or personal info being sent somewhere, etc. is documented. Can you please help me sort this out? I'm in the process of checking with BBB and others in California to see if they have any info and will let you know.
  18. Here's what the last quoted site says... Online affiliations for consumers-reviews.net: Linked to red site When we tested this site we found links to netcom3.com, which we found to be a distributor of downloads some people consider adware, spyware or other potentially unwanted programs. Malwarebytes also offers a 'commission' if you are an affiliate to people who purchase at your direction. Netcom3 does the same thing using a different payment mechanism. This would explain why Netcom3 was 'linked to a red site'. The red site is the problem not the Netcom3 linked to site. I'm not sure what 'mung' ing means, but YES I do get a commission if people buy Netcom3 thru my web site, www.yourpcathome.com. I am in business to remove virus/malware/spyware. I got started with Malwarebytes when I began encountering AV2008 and later AV2009. It may be just my ignorance or misunderstanding of the posts here, but what is the specific problem that you attribute to Netcom3? I've seen many instances where one AV program detects another as spyware/adware etc. Just running the program isn't enough of an indication that another program has taken malevolent action. What is it that you see Netcom3 doing? corrupting registry? adding spurious registry entries? feeding personal info back to some site for sale? Please let me know.
  19. I purchased Netcom3 www.netcom3.com as a means to clean up my registry and also to detect spyware/adware. Malwarebytes 1.33 is reporting it as malware. I do not believe it should be doing so. Does anyone have any experience with Netcom3? To Malwarebytes tech support.... would you please investigate. The latest log is below.
  20. I'm running XP SP3 as well. I'm running MBAM 1.31. I tend to get this error when my download/upload (DSL 1.5Mb) is busy with another task. Trying again later usually works. HOWEVER, this error message at least is incorrect. I always have a valid internet connection for the update. At minimum the message should be changed to say "internet busy, try again later" or something similar.
  21. I've also had luck with BART PE bootable version of windows to allow running MBAM
  22. I've followed the instructions on one of my computers. I have others to check which I'll post later.
  23. I've experienced this problem today updating from Securityworks after 9am. I've had to run 'update' 2 or 3 times before it finally worked. I don't get the error updating from Malwarebytes. What was the problem resolution?
  24. spyscan is a component of Netcom3, an anti-virus/spam/spyware and registry cleaner product. It is not a virus, etc. See www.netcom3.com for details. Why is MB 1.31 showing it as a virus? Can you fix?